@blamejs/exceptd-skills 0.12.41 → 0.13.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +124 -0
- package/bin/exceptd.js +52 -44
- package/data/_indexes/_meta.json +49 -49
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1531 -575
- package/data/_indexes/jurisdiction-map.json +15 -4
- package/data/_indexes/section-offsets.json +1244 -1244
- package/data/_indexes/token-budget.json +173 -173
- package/data/atlas-ttps.json +55 -11
- package/data/attack-techniques.json +124 -19
- package/data/cve-catalog.json +194 -27
- package/data/cwe-catalog.json +15 -5
- package/data/framework-control-gaps.json +32 -10
- package/data/playbooks/ai-api.json +5 -0
- package/data/playbooks/cicd-pipeline-compromise.json +970 -0
- package/data/playbooks/cloud-iam-incident.json +4 -1
- package/data/playbooks/cred-stores.json +10 -0
- package/data/playbooks/framework.json +16 -0
- package/data/playbooks/hardening.json +4 -0
- package/data/playbooks/identity-sso-compromise.json +951 -0
- package/data/playbooks/idp-incident.json +3 -0
- package/data/playbooks/kernel.json +6 -0
- package/data/playbooks/llm-tool-use-exfil.json +963 -0
- package/data/playbooks/mcp.json +6 -0
- package/data/playbooks/runtime.json +4 -0
- package/data/playbooks/sbom.json +13 -0
- package/data/playbooks/secrets.json +6 -0
- package/data/playbooks/webhook-callback-abuse.json +916 -0
- package/data/zeroday-lessons.json +178 -0
- package/lib/cross-ref-api.js +33 -13
- package/lib/cve-curation.js +12 -1
- package/lib/exit-codes.js +29 -0
- package/lib/lint-skills.js +24 -2
- package/lib/refresh-external.js +17 -1
- package/lib/scoring.js +55 -0
- package/lib/source-advisories.js +281 -0
- package/manifest.json +83 -83
- package/orchestrator/index.js +207 -24
- package/package.json +1 -1
- package/sbom.cdx.json +134 -79
- package/scripts/predeploy.js +7 -13
- package/scripts/refresh-reverse-refs.js +86 -0
- package/scripts/refresh-sbom.js +21 -4
- package/skills/age-gates-child-safety/skill.md +1 -5
- package/skills/ai-attack-surface/skill.md +11 -4
- package/skills/ai-c2-detection/skill.md +11 -2
- package/skills/ai-risk-management/skill.md +4 -2
- package/skills/api-security/skill.md +7 -8
- package/skills/attack-surface-pentest/skill.md +2 -2
- package/skills/cloud-iam-incident/skill.md +1 -5
- package/skills/cloud-security/skill.md +0 -4
- package/skills/compliance-theater/skill.md +10 -2
- package/skills/container-runtime-security/skill.md +1 -3
- package/skills/dlp-gap-analysis/skill.md +3 -4
- package/skills/email-security-anti-phishing/skill.md +1 -8
- package/skills/exploit-scoring/skill.md +7 -2
- package/skills/framework-gap-analysis/skill.md +1 -1
- package/skills/fuzz-testing-strategy/skill.md +1 -2
- package/skills/global-grc/skill.md +3 -2
- package/skills/identity-assurance/skill.md +1 -3
- package/skills/idp-incident-response/skill.md +1 -4
- package/skills/incident-response-playbook/skill.md +1 -5
- package/skills/kernel-lpe-triage/skill.md +2 -2
- package/skills/mcp-agent-trust/skill.md +13 -3
- package/skills/mlops-security/skill.md +2 -3
- package/skills/ot-ics-security/skill.md +0 -3
- package/skills/policy-exception-gen/skill.md +11 -3
- package/skills/pqc-first/skill.md +4 -2
- package/skills/rag-pipeline-security/skill.md +2 -0
- package/skills/ransomware-response/skill.md +1 -5
- package/skills/researcher/skill.md +4 -3
- package/skills/sector-energy/skill.md +0 -4
- package/skills/sector-federal-government/skill.md +2 -3
- package/skills/sector-financial/skill.md +1 -4
- package/skills/sector-healthcare/skill.md +0 -5
- package/skills/sector-telecom/skill.md +0 -4
- package/skills/security-maturity-tiers/skill.md +1 -2
- package/skills/skill-update-loop/skill.md +4 -3
- package/skills/supply-chain-integrity/skill.md +4 -3
- package/skills/threat-model-currency/skill.md +1 -1
- package/skills/threat-modeling-methodology/skill.md +2 -1
- package/skills/webapp-security/skill.md +0 -5
|
@@ -3183,14 +3183,354 @@
|
|
|
3183
3183
|
"cvss": 10,
|
|
3184
3184
|
"cisa_kev": true,
|
|
3185
3185
|
"epss_score": 0.86,
|
|
3186
|
-
"referencing_skills": [
|
|
3186
|
+
"referencing_skills": [
|
|
3187
|
+
"mcp-agent-trust",
|
|
3188
|
+
"supply-chain-integrity",
|
|
3189
|
+
"identity-assurance",
|
|
3190
|
+
"sector-healthcare",
|
|
3191
|
+
"sector-federal-government",
|
|
3192
|
+
"cloud-security",
|
|
3193
|
+
"container-runtime-security",
|
|
3194
|
+
"mlops-security",
|
|
3195
|
+
"age-gates-child-safety"
|
|
3196
|
+
],
|
|
3187
3197
|
"chain": {
|
|
3188
|
-
"cwes": [
|
|
3189
|
-
|
|
3190
|
-
|
|
3191
|
-
|
|
3192
|
-
|
|
3193
|
-
|
|
3198
|
+
"cwes": [
|
|
3199
|
+
{
|
|
3200
|
+
"id": "CWE-1188",
|
|
3201
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
3202
|
+
"category": "Configuration"
|
|
3203
|
+
},
|
|
3204
|
+
{
|
|
3205
|
+
"id": "CWE-1357",
|
|
3206
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
3207
|
+
"category": "Supply Chain"
|
|
3208
|
+
},
|
|
3209
|
+
{
|
|
3210
|
+
"id": "CWE-1395",
|
|
3211
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
3212
|
+
"category": "Supply Chain"
|
|
3213
|
+
},
|
|
3214
|
+
{
|
|
3215
|
+
"id": "CWE-1426",
|
|
3216
|
+
"name": "Improper Validation of Generative AI Output",
|
|
3217
|
+
"category": "AI/ML"
|
|
3218
|
+
},
|
|
3219
|
+
{
|
|
3220
|
+
"id": "CWE-200",
|
|
3221
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
3222
|
+
"category": "Information Exposure"
|
|
3223
|
+
},
|
|
3224
|
+
{
|
|
3225
|
+
"id": "CWE-22",
|
|
3226
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
3227
|
+
"category": "Path/Resource"
|
|
3228
|
+
},
|
|
3229
|
+
{
|
|
3230
|
+
"id": "CWE-269",
|
|
3231
|
+
"name": "Improper Privilege Management",
|
|
3232
|
+
"category": "Authorization"
|
|
3233
|
+
},
|
|
3234
|
+
{
|
|
3235
|
+
"id": "CWE-287",
|
|
3236
|
+
"name": "Improper Authentication",
|
|
3237
|
+
"category": "Authentication"
|
|
3238
|
+
},
|
|
3239
|
+
{
|
|
3240
|
+
"id": "CWE-306",
|
|
3241
|
+
"name": "Missing Authentication for Critical Function",
|
|
3242
|
+
"category": "Authentication"
|
|
3243
|
+
},
|
|
3244
|
+
{
|
|
3245
|
+
"id": "CWE-345",
|
|
3246
|
+
"name": "Insufficient Verification of Data Authenticity",
|
|
3247
|
+
"category": "Authenticity / Supply Chain"
|
|
3248
|
+
},
|
|
3249
|
+
{
|
|
3250
|
+
"id": "CWE-352",
|
|
3251
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
3252
|
+
"category": "Session"
|
|
3253
|
+
},
|
|
3254
|
+
{
|
|
3255
|
+
"id": "CWE-434",
|
|
3256
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
3257
|
+
"category": "File Handling"
|
|
3258
|
+
},
|
|
3259
|
+
{
|
|
3260
|
+
"id": "CWE-494",
|
|
3261
|
+
"name": "Download of Code Without Integrity Check",
|
|
3262
|
+
"category": "Supply Chain"
|
|
3263
|
+
},
|
|
3264
|
+
{
|
|
3265
|
+
"id": "CWE-502",
|
|
3266
|
+
"name": "Deserialization of Untrusted Data",
|
|
3267
|
+
"category": "Serialization"
|
|
3268
|
+
},
|
|
3269
|
+
{
|
|
3270
|
+
"id": "CWE-732",
|
|
3271
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
3272
|
+
"category": "Authorization"
|
|
3273
|
+
},
|
|
3274
|
+
{
|
|
3275
|
+
"id": "CWE-77",
|
|
3276
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
3277
|
+
"category": "Injection"
|
|
3278
|
+
},
|
|
3279
|
+
{
|
|
3280
|
+
"id": "CWE-787",
|
|
3281
|
+
"name": "Out-of-bounds Write",
|
|
3282
|
+
"category": "Memory Safety"
|
|
3283
|
+
},
|
|
3284
|
+
{
|
|
3285
|
+
"id": "CWE-798",
|
|
3286
|
+
"name": "Use of Hard-coded Credentials",
|
|
3287
|
+
"category": "Credentials"
|
|
3288
|
+
},
|
|
3289
|
+
{
|
|
3290
|
+
"id": "CWE-829",
|
|
3291
|
+
"name": "Inclusion of Functionality from Untrusted Control Sphere",
|
|
3292
|
+
"category": "Supply Chain"
|
|
3293
|
+
},
|
|
3294
|
+
{
|
|
3295
|
+
"id": "CWE-862",
|
|
3296
|
+
"name": "Missing Authorization",
|
|
3297
|
+
"category": "Authorization"
|
|
3298
|
+
},
|
|
3299
|
+
{
|
|
3300
|
+
"id": "CWE-863",
|
|
3301
|
+
"name": "Incorrect Authorization",
|
|
3302
|
+
"category": "Authorization"
|
|
3303
|
+
},
|
|
3304
|
+
{
|
|
3305
|
+
"id": "CWE-918",
|
|
3306
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
3307
|
+
"category": "Network"
|
|
3308
|
+
},
|
|
3309
|
+
{
|
|
3310
|
+
"id": "CWE-94",
|
|
3311
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
3312
|
+
"category": "Injection"
|
|
3313
|
+
}
|
|
3314
|
+
],
|
|
3315
|
+
"atlas": [
|
|
3316
|
+
{
|
|
3317
|
+
"id": "AML.T0010",
|
|
3318
|
+
"name": "ML Supply Chain Compromise",
|
|
3319
|
+
"tactic": "Initial Access"
|
|
3320
|
+
},
|
|
3321
|
+
{
|
|
3322
|
+
"id": "AML.T0016",
|
|
3323
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
3324
|
+
"tactic": "Resource Development"
|
|
3325
|
+
},
|
|
3326
|
+
{
|
|
3327
|
+
"id": "AML.T0017",
|
|
3328
|
+
"name": "Discover ML Model Ontology",
|
|
3329
|
+
"tactic": "Discovery"
|
|
3330
|
+
},
|
|
3331
|
+
{
|
|
3332
|
+
"id": "AML.T0018",
|
|
3333
|
+
"name": "Backdoor ML Model",
|
|
3334
|
+
"tactic": "Persistence"
|
|
3335
|
+
},
|
|
3336
|
+
{
|
|
3337
|
+
"id": "AML.T0020",
|
|
3338
|
+
"name": "Poison Training Data",
|
|
3339
|
+
"tactic": "ML Attack Staging"
|
|
3340
|
+
},
|
|
3341
|
+
{
|
|
3342
|
+
"id": "AML.T0043",
|
|
3343
|
+
"name": "Craft Adversarial Data",
|
|
3344
|
+
"tactic": "ML Attack Staging"
|
|
3345
|
+
},
|
|
3346
|
+
{
|
|
3347
|
+
"id": "AML.T0051",
|
|
3348
|
+
"name": "LLM Prompt Injection",
|
|
3349
|
+
"tactic": "Execution"
|
|
3350
|
+
},
|
|
3351
|
+
{
|
|
3352
|
+
"id": "AML.T0096",
|
|
3353
|
+
"name": "AI API as Covert C2 Channel",
|
|
3354
|
+
"tactic": "Command and Control"
|
|
3355
|
+
}
|
|
3356
|
+
],
|
|
3357
|
+
"d3fend": [
|
|
3358
|
+
{
|
|
3359
|
+
"id": "D3-CBAN",
|
|
3360
|
+
"name": "Certificate-based Authentication",
|
|
3361
|
+
"tactic": "Harden"
|
|
3362
|
+
},
|
|
3363
|
+
{
|
|
3364
|
+
"id": "D3-CSPP",
|
|
3365
|
+
"name": "Client-server Payload Profiling",
|
|
3366
|
+
"tactic": "Detect"
|
|
3367
|
+
},
|
|
3368
|
+
{
|
|
3369
|
+
"id": "D3-EAL",
|
|
3370
|
+
"name": "Executable Allowlisting",
|
|
3371
|
+
"tactic": "Harden"
|
|
3372
|
+
},
|
|
3373
|
+
{
|
|
3374
|
+
"id": "D3-EHB",
|
|
3375
|
+
"name": "Executable Hashbased Allowlist",
|
|
3376
|
+
"tactic": "Harden"
|
|
3377
|
+
},
|
|
3378
|
+
{
|
|
3379
|
+
"id": "D3-MFA",
|
|
3380
|
+
"name": "Multi-factor Authentication",
|
|
3381
|
+
"tactic": "Harden"
|
|
3382
|
+
}
|
|
3383
|
+
],
|
|
3384
|
+
"framework_gaps": [
|
|
3385
|
+
{
|
|
3386
|
+
"id": "ALL-MCP-TOOL-TRUST",
|
|
3387
|
+
"framework": "ALL",
|
|
3388
|
+
"control_name": "MCP/Agent Tool Trust Boundaries"
|
|
3389
|
+
},
|
|
3390
|
+
{
|
|
3391
|
+
"id": "CMMC-2.0-Level-2",
|
|
3392
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
3393
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
3394
|
+
},
|
|
3395
|
+
{
|
|
3396
|
+
"id": "CycloneDX-v1.6-SBOM",
|
|
3397
|
+
"framework": "CycloneDX v1.6 (OWASP SBOM standard)",
|
|
3398
|
+
"control_name": "Software Bill of Materials"
|
|
3399
|
+
},
|
|
3400
|
+
{
|
|
3401
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
3402
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
3403
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
3404
|
+
},
|
|
3405
|
+
{
|
|
3406
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
3407
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
3408
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
3409
|
+
},
|
|
3410
|
+
{
|
|
3411
|
+
"id": "HITRUST-CSF-v11.4-09.l",
|
|
3412
|
+
"framework": "HITRUST CSF v11.4",
|
|
3413
|
+
"control_name": "Outsourced services management"
|
|
3414
|
+
},
|
|
3415
|
+
{
|
|
3416
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
3417
|
+
"framework": "ISO/IEC 27001:2022",
|
|
3418
|
+
"control_name": "Secure coding"
|
|
3419
|
+
},
|
|
3420
|
+
{
|
|
3421
|
+
"id": "ISO-27001-2022-A.8.30",
|
|
3422
|
+
"framework": "ISO/IEC 27001:2022",
|
|
3423
|
+
"control_name": "Outsourced development"
|
|
3424
|
+
},
|
|
3425
|
+
{
|
|
3426
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
3427
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
3428
|
+
"control_name": "AI risk assessment"
|
|
3429
|
+
},
|
|
3430
|
+
{
|
|
3431
|
+
"id": "NIST-800-218-SSDF",
|
|
3432
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
3433
|
+
"control_name": "Secure Software Development Framework"
|
|
3434
|
+
},
|
|
3435
|
+
{
|
|
3436
|
+
"id": "NIST-800-53-AC-2",
|
|
3437
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
3438
|
+
"control_name": "Account Management"
|
|
3439
|
+
},
|
|
3440
|
+
{
|
|
3441
|
+
"id": "NIST-800-53-CM-7",
|
|
3442
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
3443
|
+
"control_name": "Least Functionality"
|
|
3444
|
+
},
|
|
3445
|
+
{
|
|
3446
|
+
"id": "NIST-800-53-SA-12",
|
|
3447
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
3448
|
+
"control_name": "Supply Chain Protection"
|
|
3449
|
+
},
|
|
3450
|
+
{
|
|
3451
|
+
"id": "NIST-800-63B-rev4",
|
|
3452
|
+
"framework": "NIST SP 800-63B Rev 4 (Digital Identity Guidelines — Authentication & Lifecycle Mgmt)",
|
|
3453
|
+
"control_name": "Authentication and Lifecycle Management (AAL/IAL/FAL)"
|
|
3454
|
+
},
|
|
3455
|
+
{
|
|
3456
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
3457
|
+
"framework": "NIST AI RMF 1.0",
|
|
3458
|
+
"control_name": "AI system to human interaction evaluation"
|
|
3459
|
+
},
|
|
3460
|
+
{
|
|
3461
|
+
"id": "OWASP-LLM-Top-10-2025-LLM06",
|
|
3462
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
3463
|
+
"control_name": "Excessive Agency"
|
|
3464
|
+
},
|
|
3465
|
+
{
|
|
3466
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
3467
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
3468
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
3469
|
+
},
|
|
3470
|
+
{
|
|
3471
|
+
"id": "PSD2-RTS-SCA",
|
|
3472
|
+
"framework": "EU PSD2 Regulatory Technical Standards on Strong Customer Authentication (Commission Delegated Regulation (EU) 2018/389)",
|
|
3473
|
+
"control_name": "Strong Customer Authentication and Common and Secure Communication"
|
|
3474
|
+
},
|
|
3475
|
+
{
|
|
3476
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
3477
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
3478
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
3479
|
+
},
|
|
3480
|
+
{
|
|
3481
|
+
"id": "SOC2-CC6-logical-access",
|
|
3482
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3483
|
+
"control_name": "Logical and Physical Access Controls"
|
|
3484
|
+
},
|
|
3485
|
+
{
|
|
3486
|
+
"id": "SOC2-CC9-vendor-management",
|
|
3487
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3488
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
3489
|
+
},
|
|
3490
|
+
{
|
|
3491
|
+
"id": "SPDX-v3.0-SBOM",
|
|
3492
|
+
"framework": "SPDX v3.0 (ISO/IEC 5962-aligned SBOM standard)",
|
|
3493
|
+
"control_name": "Software Package Data Exchange — SBOM"
|
|
3494
|
+
},
|
|
3495
|
+
{
|
|
3496
|
+
"id": "SWIFT-CSCF-v2026-1.1",
|
|
3497
|
+
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
3498
|
+
"control_name": "SWIFT Environment Protection"
|
|
3499
|
+
},
|
|
3500
|
+
{
|
|
3501
|
+
"id": "VEX-CSAF-v2.1",
|
|
3502
|
+
"framework": "VEX via OASIS CSAF 2.1 (Common Security Advisory Framework)",
|
|
3503
|
+
"control_name": "Vulnerability Exploitability eXchange profile"
|
|
3504
|
+
}
|
|
3505
|
+
],
|
|
3506
|
+
"attack_refs": [
|
|
3507
|
+
"T1059",
|
|
3508
|
+
"T1068",
|
|
3509
|
+
"T1078",
|
|
3510
|
+
"T1110",
|
|
3511
|
+
"T1190",
|
|
3512
|
+
"T1195.001",
|
|
3513
|
+
"T1195.002",
|
|
3514
|
+
"T1530",
|
|
3515
|
+
"T1552",
|
|
3516
|
+
"T1554",
|
|
3517
|
+
"T1556",
|
|
3518
|
+
"T1565",
|
|
3519
|
+
"T1567",
|
|
3520
|
+
"T1610",
|
|
3521
|
+
"T1611"
|
|
3522
|
+
],
|
|
3523
|
+
"rfc_refs": [
|
|
3524
|
+
"RFC-6749",
|
|
3525
|
+
"RFC-7519",
|
|
3526
|
+
"RFC-8032",
|
|
3527
|
+
"RFC-8446",
|
|
3528
|
+
"RFC-8725",
|
|
3529
|
+
"RFC-9114",
|
|
3530
|
+
"RFC-9180",
|
|
3531
|
+
"RFC-9421",
|
|
3532
|
+
"RFC-9700"
|
|
3533
|
+
]
|
|
3194
3534
|
}
|
|
3195
3535
|
},
|
|
3196
3536
|
"CVE-2024-3154": {
|
|
@@ -3433,28 +3773,282 @@
|
|
|
3433
3773
|
"rfc_refs": []
|
|
3434
3774
|
}
|
|
3435
3775
|
},
|
|
3436
|
-
"CVE-2025-59389": {
|
|
3437
|
-
"name": "QNAP Hyper Data Protector critical RCE (Pwn2Own Ireland 2025)",
|
|
3438
|
-
"rwep": 45,
|
|
3439
|
-
"cvss": 9.8,
|
|
3440
|
-
"cisa_kev": false,
|
|
3441
|
-
"epss_score": 0.05,
|
|
3442
|
-
"referencing_skills": [],
|
|
3776
|
+
"CVE-2025-59389": {
|
|
3777
|
+
"name": "QNAP Hyper Data Protector critical RCE (Pwn2Own Ireland 2025)",
|
|
3778
|
+
"rwep": 45,
|
|
3779
|
+
"cvss": 9.8,
|
|
3780
|
+
"cisa_kev": false,
|
|
3781
|
+
"epss_score": 0.05,
|
|
3782
|
+
"referencing_skills": [],
|
|
3783
|
+
"chain": {
|
|
3784
|
+
"cwes": [],
|
|
3785
|
+
"atlas": [],
|
|
3786
|
+
"d3fend": [],
|
|
3787
|
+
"framework_gaps": [],
|
|
3788
|
+
"attack_refs": [],
|
|
3789
|
+
"rfc_refs": []
|
|
3790
|
+
}
|
|
3791
|
+
},
|
|
3792
|
+
"CVE-2025-11837": {
|
|
3793
|
+
"name": "QNAP Malware Remover code-injection",
|
|
3794
|
+
"rwep": 40,
|
|
3795
|
+
"cvss": 8,
|
|
3796
|
+
"cisa_kev": false,
|
|
3797
|
+
"epss_score": 0.025,
|
|
3798
|
+
"referencing_skills": [],
|
|
3799
|
+
"chain": {
|
|
3800
|
+
"cwes": [],
|
|
3801
|
+
"atlas": [],
|
|
3802
|
+
"d3fend": [],
|
|
3803
|
+
"framework_gaps": [],
|
|
3804
|
+
"attack_refs": [],
|
|
3805
|
+
"rfc_refs": []
|
|
3806
|
+
}
|
|
3807
|
+
},
|
|
3808
|
+
"CVE-2026-42945": {
|
|
3809
|
+
"name": "NGINX Rift",
|
|
3810
|
+
"rwep": 40,
|
|
3811
|
+
"cvss": 9.2,
|
|
3812
|
+
"cisa_kev": false,
|
|
3813
|
+
"epss_score": null,
|
|
3814
|
+
"referencing_skills": [
|
|
3815
|
+
"kernel-lpe-triage",
|
|
3816
|
+
"coordinated-vuln-disclosure"
|
|
3817
|
+
],
|
|
3818
|
+
"chain": {
|
|
3819
|
+
"cwes": [
|
|
3820
|
+
{
|
|
3821
|
+
"id": "CWE-125",
|
|
3822
|
+
"name": "Out-of-bounds Read",
|
|
3823
|
+
"category": "Memory Safety"
|
|
3824
|
+
},
|
|
3825
|
+
{
|
|
3826
|
+
"id": "CWE-1357",
|
|
3827
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
3828
|
+
"category": "Supply Chain"
|
|
3829
|
+
},
|
|
3830
|
+
{
|
|
3831
|
+
"id": "CWE-362",
|
|
3832
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
3833
|
+
"category": "Concurrency"
|
|
3834
|
+
},
|
|
3835
|
+
{
|
|
3836
|
+
"id": "CWE-416",
|
|
3837
|
+
"name": "Use After Free",
|
|
3838
|
+
"category": "Memory Safety"
|
|
3839
|
+
},
|
|
3840
|
+
{
|
|
3841
|
+
"id": "CWE-672",
|
|
3842
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
3843
|
+
"category": "Memory Safety"
|
|
3844
|
+
},
|
|
3845
|
+
{
|
|
3846
|
+
"id": "CWE-787",
|
|
3847
|
+
"name": "Out-of-bounds Write",
|
|
3848
|
+
"category": "Memory Safety"
|
|
3849
|
+
}
|
|
3850
|
+
],
|
|
3851
|
+
"atlas": [],
|
|
3852
|
+
"d3fend": [
|
|
3853
|
+
{
|
|
3854
|
+
"id": "D3-ASLR",
|
|
3855
|
+
"name": "Address Space Layout Randomization",
|
|
3856
|
+
"tactic": "Harden"
|
|
3857
|
+
},
|
|
3858
|
+
{
|
|
3859
|
+
"id": "D3-EAL",
|
|
3860
|
+
"name": "Executable Allowlisting",
|
|
3861
|
+
"tactic": "Harden"
|
|
3862
|
+
},
|
|
3863
|
+
{
|
|
3864
|
+
"id": "D3-PHRA",
|
|
3865
|
+
"name": "Process Hardware Resource Access",
|
|
3866
|
+
"tactic": "Isolate"
|
|
3867
|
+
},
|
|
3868
|
+
{
|
|
3869
|
+
"id": "D3-PSEP",
|
|
3870
|
+
"name": "Process Segment Execution Prevention",
|
|
3871
|
+
"tactic": "Harden"
|
|
3872
|
+
}
|
|
3873
|
+
],
|
|
3874
|
+
"framework_gaps": [
|
|
3875
|
+
{
|
|
3876
|
+
"id": "CIS-Controls-v8-Control7",
|
|
3877
|
+
"framework": "CIS Controls v8",
|
|
3878
|
+
"control_name": "Continuous Vulnerability Management"
|
|
3879
|
+
},
|
|
3880
|
+
{
|
|
3881
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
3882
|
+
"framework": "ISO/IEC 27001:2022",
|
|
3883
|
+
"control_name": "Management of technical vulnerabilities"
|
|
3884
|
+
},
|
|
3885
|
+
{
|
|
3886
|
+
"id": "NIS2-Art21-patch-management",
|
|
3887
|
+
"framework": "EU NIS2 Directive",
|
|
3888
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
3889
|
+
},
|
|
3890
|
+
{
|
|
3891
|
+
"id": "NIST-800-218-SSDF",
|
|
3892
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
3893
|
+
"control_name": "Secure Software Development Framework"
|
|
3894
|
+
},
|
|
3895
|
+
{
|
|
3896
|
+
"id": "NIST-800-53-SC-8",
|
|
3897
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
3898
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
3899
|
+
},
|
|
3900
|
+
{
|
|
3901
|
+
"id": "NIST-800-53-SI-2",
|
|
3902
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
3903
|
+
"control_name": "Flaw Remediation"
|
|
3904
|
+
},
|
|
3905
|
+
{
|
|
3906
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
3907
|
+
"framework": "PCI DSS 4.0",
|
|
3908
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
3909
|
+
},
|
|
3910
|
+
{
|
|
3911
|
+
"id": "SOC2-CC9-vendor-management",
|
|
3912
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3913
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
3914
|
+
}
|
|
3915
|
+
],
|
|
3916
|
+
"attack_refs": [
|
|
3917
|
+
"T1068",
|
|
3918
|
+
"T1548.001"
|
|
3919
|
+
],
|
|
3920
|
+
"rfc_refs": [
|
|
3921
|
+
"RFC-4301",
|
|
3922
|
+
"RFC-4303",
|
|
3923
|
+
"RFC-7296"
|
|
3924
|
+
]
|
|
3925
|
+
}
|
|
3926
|
+
},
|
|
3927
|
+
"CVE-2026-0300": {
|
|
3928
|
+
"name": "PAN-UID — Palo Alto Networks PAN-OS User-ID Authentication Portal RCE",
|
|
3929
|
+
"rwep": 73,
|
|
3930
|
+
"cvss": 9.3,
|
|
3931
|
+
"cisa_kev": true,
|
|
3932
|
+
"epss_score": null,
|
|
3933
|
+
"referencing_skills": [
|
|
3934
|
+
"kernel-lpe-triage",
|
|
3935
|
+
"coordinated-vuln-disclosure"
|
|
3936
|
+
],
|
|
3443
3937
|
"chain": {
|
|
3444
|
-
"cwes": [
|
|
3938
|
+
"cwes": [
|
|
3939
|
+
{
|
|
3940
|
+
"id": "CWE-125",
|
|
3941
|
+
"name": "Out-of-bounds Read",
|
|
3942
|
+
"category": "Memory Safety"
|
|
3943
|
+
},
|
|
3944
|
+
{
|
|
3945
|
+
"id": "CWE-1357",
|
|
3946
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
3947
|
+
"category": "Supply Chain"
|
|
3948
|
+
},
|
|
3949
|
+
{
|
|
3950
|
+
"id": "CWE-362",
|
|
3951
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
3952
|
+
"category": "Concurrency"
|
|
3953
|
+
},
|
|
3954
|
+
{
|
|
3955
|
+
"id": "CWE-416",
|
|
3956
|
+
"name": "Use After Free",
|
|
3957
|
+
"category": "Memory Safety"
|
|
3958
|
+
},
|
|
3959
|
+
{
|
|
3960
|
+
"id": "CWE-672",
|
|
3961
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
3962
|
+
"category": "Memory Safety"
|
|
3963
|
+
},
|
|
3964
|
+
{
|
|
3965
|
+
"id": "CWE-787",
|
|
3966
|
+
"name": "Out-of-bounds Write",
|
|
3967
|
+
"category": "Memory Safety"
|
|
3968
|
+
}
|
|
3969
|
+
],
|
|
3445
3970
|
"atlas": [],
|
|
3446
|
-
"d3fend": [
|
|
3447
|
-
|
|
3448
|
-
|
|
3449
|
-
|
|
3971
|
+
"d3fend": [
|
|
3972
|
+
{
|
|
3973
|
+
"id": "D3-ASLR",
|
|
3974
|
+
"name": "Address Space Layout Randomization",
|
|
3975
|
+
"tactic": "Harden"
|
|
3976
|
+
},
|
|
3977
|
+
{
|
|
3978
|
+
"id": "D3-EAL",
|
|
3979
|
+
"name": "Executable Allowlisting",
|
|
3980
|
+
"tactic": "Harden"
|
|
3981
|
+
},
|
|
3982
|
+
{
|
|
3983
|
+
"id": "D3-PHRA",
|
|
3984
|
+
"name": "Process Hardware Resource Access",
|
|
3985
|
+
"tactic": "Isolate"
|
|
3986
|
+
},
|
|
3987
|
+
{
|
|
3988
|
+
"id": "D3-PSEP",
|
|
3989
|
+
"name": "Process Segment Execution Prevention",
|
|
3990
|
+
"tactic": "Harden"
|
|
3991
|
+
}
|
|
3992
|
+
],
|
|
3993
|
+
"framework_gaps": [
|
|
3994
|
+
{
|
|
3995
|
+
"id": "CIS-Controls-v8-Control7",
|
|
3996
|
+
"framework": "CIS Controls v8",
|
|
3997
|
+
"control_name": "Continuous Vulnerability Management"
|
|
3998
|
+
},
|
|
3999
|
+
{
|
|
4000
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
4001
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4002
|
+
"control_name": "Management of technical vulnerabilities"
|
|
4003
|
+
},
|
|
4004
|
+
{
|
|
4005
|
+
"id": "NIS2-Art21-patch-management",
|
|
4006
|
+
"framework": "EU NIS2 Directive",
|
|
4007
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
4008
|
+
},
|
|
4009
|
+
{
|
|
4010
|
+
"id": "NIST-800-218-SSDF",
|
|
4011
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
4012
|
+
"control_name": "Secure Software Development Framework"
|
|
4013
|
+
},
|
|
4014
|
+
{
|
|
4015
|
+
"id": "NIST-800-53-SC-8",
|
|
4016
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4017
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
4018
|
+
},
|
|
4019
|
+
{
|
|
4020
|
+
"id": "NIST-800-53-SI-2",
|
|
4021
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4022
|
+
"control_name": "Flaw Remediation"
|
|
4023
|
+
},
|
|
4024
|
+
{
|
|
4025
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
4026
|
+
"framework": "PCI DSS 4.0",
|
|
4027
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
4028
|
+
},
|
|
4029
|
+
{
|
|
4030
|
+
"id": "SOC2-CC9-vendor-management",
|
|
4031
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4032
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
4033
|
+
}
|
|
4034
|
+
],
|
|
4035
|
+
"attack_refs": [
|
|
4036
|
+
"T1068",
|
|
4037
|
+
"T1548.001"
|
|
4038
|
+
],
|
|
4039
|
+
"rfc_refs": [
|
|
4040
|
+
"RFC-4301",
|
|
4041
|
+
"RFC-4303",
|
|
4042
|
+
"RFC-7296"
|
|
4043
|
+
]
|
|
3450
4044
|
}
|
|
3451
4045
|
},
|
|
3452
|
-
"CVE-
|
|
3453
|
-
"name": "
|
|
3454
|
-
"rwep":
|
|
3455
|
-
"cvss":
|
|
3456
|
-
"cisa_kev":
|
|
3457
|
-
"epss_score":
|
|
4046
|
+
"CVE-2026-39987": {
|
|
4047
|
+
"name": "Marimo Python Notebook Pre-Auth WebSocket Terminal RCE",
|
|
4048
|
+
"rwep": 62,
|
|
4049
|
+
"cvss": 9.3,
|
|
4050
|
+
"cisa_kev": true,
|
|
4051
|
+
"epss_score": null,
|
|
3458
4052
|
"referencing_skills": [],
|
|
3459
4053
|
"chain": {
|
|
3460
4054
|
"cwes": [],
|
|
@@ -3465,31 +4059,119 @@
|
|
|
3465
4059
|
"rfc_refs": []
|
|
3466
4060
|
}
|
|
3467
4061
|
},
|
|
3468
|
-
"CVE-2026-
|
|
3469
|
-
"name": "
|
|
3470
|
-
"rwep":
|
|
3471
|
-
"cvss":
|
|
3472
|
-
"cisa_kev":
|
|
4062
|
+
"CVE-2026-6973": {
|
|
4063
|
+
"name": "Ivanti EPMM Authenticated-Admin RCE",
|
|
4064
|
+
"rwep": 62,
|
|
4065
|
+
"cvss": 7.2,
|
|
4066
|
+
"cisa_kev": true,
|
|
3473
4067
|
"epss_score": null,
|
|
3474
|
-
"referencing_skills": [
|
|
4068
|
+
"referencing_skills": [
|
|
4069
|
+
"kernel-lpe-triage"
|
|
4070
|
+
],
|
|
3475
4071
|
"chain": {
|
|
3476
|
-
"cwes": [
|
|
4072
|
+
"cwes": [
|
|
4073
|
+
{
|
|
4074
|
+
"id": "CWE-125",
|
|
4075
|
+
"name": "Out-of-bounds Read",
|
|
4076
|
+
"category": "Memory Safety"
|
|
4077
|
+
},
|
|
4078
|
+
{
|
|
4079
|
+
"id": "CWE-362",
|
|
4080
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
4081
|
+
"category": "Concurrency"
|
|
4082
|
+
},
|
|
4083
|
+
{
|
|
4084
|
+
"id": "CWE-416",
|
|
4085
|
+
"name": "Use After Free",
|
|
4086
|
+
"category": "Memory Safety"
|
|
4087
|
+
},
|
|
4088
|
+
{
|
|
4089
|
+
"id": "CWE-672",
|
|
4090
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
4091
|
+
"category": "Memory Safety"
|
|
4092
|
+
},
|
|
4093
|
+
{
|
|
4094
|
+
"id": "CWE-787",
|
|
4095
|
+
"name": "Out-of-bounds Write",
|
|
4096
|
+
"category": "Memory Safety"
|
|
4097
|
+
}
|
|
4098
|
+
],
|
|
3477
4099
|
"atlas": [],
|
|
3478
|
-
"d3fend": [
|
|
3479
|
-
|
|
3480
|
-
|
|
3481
|
-
|
|
4100
|
+
"d3fend": [
|
|
4101
|
+
{
|
|
4102
|
+
"id": "D3-ASLR",
|
|
4103
|
+
"name": "Address Space Layout Randomization",
|
|
4104
|
+
"tactic": "Harden"
|
|
4105
|
+
},
|
|
4106
|
+
{
|
|
4107
|
+
"id": "D3-EAL",
|
|
4108
|
+
"name": "Executable Allowlisting",
|
|
4109
|
+
"tactic": "Harden"
|
|
4110
|
+
},
|
|
4111
|
+
{
|
|
4112
|
+
"id": "D3-PHRA",
|
|
4113
|
+
"name": "Process Hardware Resource Access",
|
|
4114
|
+
"tactic": "Isolate"
|
|
4115
|
+
},
|
|
4116
|
+
{
|
|
4117
|
+
"id": "D3-PSEP",
|
|
4118
|
+
"name": "Process Segment Execution Prevention",
|
|
4119
|
+
"tactic": "Harden"
|
|
4120
|
+
}
|
|
4121
|
+
],
|
|
4122
|
+
"framework_gaps": [
|
|
4123
|
+
{
|
|
4124
|
+
"id": "CIS-Controls-v8-Control7",
|
|
4125
|
+
"framework": "CIS Controls v8",
|
|
4126
|
+
"control_name": "Continuous Vulnerability Management"
|
|
4127
|
+
},
|
|
4128
|
+
{
|
|
4129
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
4130
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4131
|
+
"control_name": "Management of technical vulnerabilities"
|
|
4132
|
+
},
|
|
4133
|
+
{
|
|
4134
|
+
"id": "NIS2-Art21-patch-management",
|
|
4135
|
+
"framework": "EU NIS2 Directive",
|
|
4136
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
4137
|
+
},
|
|
4138
|
+
{
|
|
4139
|
+
"id": "NIST-800-53-SC-8",
|
|
4140
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4141
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
4142
|
+
},
|
|
4143
|
+
{
|
|
4144
|
+
"id": "NIST-800-53-SI-2",
|
|
4145
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4146
|
+
"control_name": "Flaw Remediation"
|
|
4147
|
+
},
|
|
4148
|
+
{
|
|
4149
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
4150
|
+
"framework": "PCI DSS 4.0",
|
|
4151
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
4152
|
+
}
|
|
4153
|
+
],
|
|
4154
|
+
"attack_refs": [
|
|
4155
|
+
"T1068",
|
|
4156
|
+
"T1548.001"
|
|
4157
|
+
],
|
|
4158
|
+
"rfc_refs": [
|
|
4159
|
+
"RFC-4301",
|
|
4160
|
+
"RFC-4303",
|
|
4161
|
+
"RFC-7296"
|
|
4162
|
+
]
|
|
3482
4163
|
}
|
|
3483
4164
|
},
|
|
3484
|
-
"CVE-2026-
|
|
3485
|
-
"name": "
|
|
3486
|
-
"rwep":
|
|
3487
|
-
"cvss":
|
|
4165
|
+
"CVE-2026-42897": {
|
|
4166
|
+
"name": "Microsoft Exchange OWA Stored XSS / Spoofing Zero-Day",
|
|
4167
|
+
"rwep": 93,
|
|
4168
|
+
"cvss": 8.1,
|
|
3488
4169
|
"cisa_kev": true,
|
|
3489
4170
|
"epss_score": null,
|
|
3490
4171
|
"referencing_skills": [
|
|
3491
4172
|
"kernel-lpe-triage",
|
|
3492
|
-
"
|
|
4173
|
+
"ai-c2-detection",
|
|
4174
|
+
"dlp-gap-analysis"
|
|
3493
4175
|
],
|
|
3494
4176
|
"chain": {
|
|
3495
4177
|
"cwes": [
|
|
@@ -3499,9 +4181,14 @@
|
|
|
3499
4181
|
"category": "Memory Safety"
|
|
3500
4182
|
},
|
|
3501
4183
|
{
|
|
3502
|
-
"id": "CWE-
|
|
3503
|
-
"name": "
|
|
3504
|
-
"category": "
|
|
4184
|
+
"id": "CWE-1426",
|
|
4185
|
+
"name": "Improper Validation of Generative AI Output",
|
|
4186
|
+
"category": "AI/ML"
|
|
4187
|
+
},
|
|
4188
|
+
{
|
|
4189
|
+
"id": "CWE-200",
|
|
4190
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
4191
|
+
"category": "Information Exposure"
|
|
3505
4192
|
},
|
|
3506
4193
|
{
|
|
3507
4194
|
"id": "CWE-362",
|
|
@@ -3524,18 +4211,69 @@
|
|
|
3524
4211
|
"category": "Memory Safety"
|
|
3525
4212
|
}
|
|
3526
4213
|
],
|
|
3527
|
-
"atlas": [
|
|
4214
|
+
"atlas": [
|
|
4215
|
+
{
|
|
4216
|
+
"id": "AML.T0017",
|
|
4217
|
+
"name": "Discover ML Model Ontology",
|
|
4218
|
+
"tactic": "Discovery"
|
|
4219
|
+
},
|
|
4220
|
+
{
|
|
4221
|
+
"id": "AML.T0051",
|
|
4222
|
+
"name": "LLM Prompt Injection",
|
|
4223
|
+
"tactic": "Execution"
|
|
4224
|
+
},
|
|
4225
|
+
{
|
|
4226
|
+
"id": "AML.T0096",
|
|
4227
|
+
"name": "AI API as Covert C2 Channel",
|
|
4228
|
+
"tactic": "Command and Control"
|
|
4229
|
+
}
|
|
4230
|
+
],
|
|
3528
4231
|
"d3fend": [
|
|
3529
4232
|
{
|
|
3530
4233
|
"id": "D3-ASLR",
|
|
3531
4234
|
"name": "Address Space Layout Randomization",
|
|
3532
4235
|
"tactic": "Harden"
|
|
3533
4236
|
},
|
|
4237
|
+
{
|
|
4238
|
+
"id": "D3-CA",
|
|
4239
|
+
"name": "Certificate Analysis",
|
|
4240
|
+
"tactic": "Detect"
|
|
4241
|
+
},
|
|
4242
|
+
{
|
|
4243
|
+
"id": "D3-CSPP",
|
|
4244
|
+
"name": "Client-server Payload Profiling",
|
|
4245
|
+
"tactic": "Detect"
|
|
4246
|
+
},
|
|
4247
|
+
{
|
|
4248
|
+
"id": "D3-DA",
|
|
4249
|
+
"name": "Domain Analysis",
|
|
4250
|
+
"tactic": "Detect"
|
|
4251
|
+
},
|
|
3534
4252
|
{
|
|
3535
4253
|
"id": "D3-EAL",
|
|
3536
4254
|
"name": "Executable Allowlisting",
|
|
3537
4255
|
"tactic": "Harden"
|
|
3538
4256
|
},
|
|
4257
|
+
{
|
|
4258
|
+
"id": "D3-IOPR",
|
|
4259
|
+
"name": "Input/Output Profiling Resource",
|
|
4260
|
+
"tactic": "Detect"
|
|
4261
|
+
},
|
|
4262
|
+
{
|
|
4263
|
+
"id": "D3-NI",
|
|
4264
|
+
"name": "Network Isolation",
|
|
4265
|
+
"tactic": "Isolate"
|
|
4266
|
+
},
|
|
4267
|
+
{
|
|
4268
|
+
"id": "D3-NTA",
|
|
4269
|
+
"name": "Network Traffic Analysis",
|
|
4270
|
+
"tactic": "Detect"
|
|
4271
|
+
},
|
|
4272
|
+
{
|
|
4273
|
+
"id": "D3-NTPM",
|
|
4274
|
+
"name": "Network Traffic Policy Mapping",
|
|
4275
|
+
"tactic": "Model"
|
|
4276
|
+
},
|
|
3539
4277
|
{
|
|
3540
4278
|
"id": "D3-PHRA",
|
|
3541
4279
|
"name": "Process Hardware Resource Access",
|
|
@@ -3553,20 +4291,40 @@
|
|
|
3553
4291
|
"framework": "CIS Controls v8",
|
|
3554
4292
|
"control_name": "Continuous Vulnerability Management"
|
|
3555
4293
|
},
|
|
4294
|
+
{
|
|
4295
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
4296
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
4297
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
4298
|
+
},
|
|
4299
|
+
{
|
|
4300
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
4301
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4302
|
+
"control_name": "Monitoring activities"
|
|
4303
|
+
},
|
|
3556
4304
|
{
|
|
3557
4305
|
"id": "ISO-27001-2022-A.8.8",
|
|
3558
4306
|
"framework": "ISO/IEC 27001:2022",
|
|
3559
4307
|
"control_name": "Management of technical vulnerabilities"
|
|
3560
4308
|
},
|
|
4309
|
+
{
|
|
4310
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
4311
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
4312
|
+
"control_name": "AI risk assessment"
|
|
4313
|
+
},
|
|
3561
4314
|
{
|
|
3562
4315
|
"id": "NIS2-Art21-patch-management",
|
|
3563
4316
|
"framework": "EU NIS2 Directive",
|
|
3564
4317
|
"control_name": "Vulnerability handling and disclosure"
|
|
3565
4318
|
},
|
|
3566
4319
|
{
|
|
3567
|
-
"id": "NIST-800-
|
|
3568
|
-
"framework": "NIST SP 800-
|
|
3569
|
-
"control_name": "
|
|
4320
|
+
"id": "NIST-800-53-SC-28",
|
|
4321
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4322
|
+
"control_name": "Protection of Information at Rest"
|
|
4323
|
+
},
|
|
4324
|
+
{
|
|
4325
|
+
"id": "NIST-800-53-SC-7",
|
|
4326
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4327
|
+
"control_name": "Boundary Protection"
|
|
3570
4328
|
},
|
|
3571
4329
|
{
|
|
3572
4330
|
"id": "NIST-800-53-SC-8",
|
|
@@ -3578,60 +4336,75 @@
|
|
|
3578
4336
|
"framework": "NIST SP 800-53 Rev 5",
|
|
3579
4337
|
"control_name": "Flaw Remediation"
|
|
3580
4338
|
},
|
|
4339
|
+
{
|
|
4340
|
+
"id": "NIST-800-53-SI-3",
|
|
4341
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4342
|
+
"control_name": "Malicious Code Protection"
|
|
4343
|
+
},
|
|
3581
4344
|
{
|
|
3582
4345
|
"id": "PCI-DSS-4.0-6.3.3",
|
|
3583
4346
|
"framework": "PCI DSS 4.0",
|
|
3584
4347
|
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
3585
4348
|
},
|
|
3586
4349
|
{
|
|
3587
|
-
"id": "SOC2-
|
|
4350
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
3588
4351
|
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
3589
|
-
"control_name": "
|
|
4352
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
3590
4353
|
}
|
|
3591
4354
|
],
|
|
3592
4355
|
"attack_refs": [
|
|
4356
|
+
"T1041",
|
|
3593
4357
|
"T1068",
|
|
3594
|
-
"
|
|
4358
|
+
"T1071",
|
|
4359
|
+
"T1102",
|
|
4360
|
+
"T1213",
|
|
4361
|
+
"T1530",
|
|
4362
|
+
"T1548.001",
|
|
4363
|
+
"T1567",
|
|
4364
|
+
"T1568"
|
|
3595
4365
|
],
|
|
3596
4366
|
"rfc_refs": [
|
|
3597
4367
|
"RFC-4301",
|
|
3598
4368
|
"RFC-4303",
|
|
3599
|
-
"RFC-7296"
|
|
4369
|
+
"RFC-7296",
|
|
4370
|
+
"RFC-8446",
|
|
4371
|
+
"RFC-9000",
|
|
4372
|
+
"RFC-9114",
|
|
4373
|
+
"RFC-9180",
|
|
4374
|
+
"RFC-9421",
|
|
4375
|
+
"RFC-9458"
|
|
3600
4376
|
]
|
|
3601
4377
|
}
|
|
3602
4378
|
},
|
|
3603
|
-
"CVE-2026-
|
|
3604
|
-
"name": "
|
|
3605
|
-
"rwep":
|
|
3606
|
-
"cvss":
|
|
3607
|
-
"cisa_kev": true,
|
|
3608
|
-
"epss_score": null,
|
|
3609
|
-
"referencing_skills": [],
|
|
3610
|
-
"chain": {
|
|
3611
|
-
"cwes": [],
|
|
3612
|
-
"atlas": [],
|
|
3613
|
-
"d3fend": [],
|
|
3614
|
-
"framework_gaps": [],
|
|
3615
|
-
"attack_refs": [],
|
|
3616
|
-
"rfc_refs": []
|
|
3617
|
-
}
|
|
3618
|
-
},
|
|
3619
|
-
"CVE-2026-6973": {
|
|
3620
|
-
"name": "Ivanti EPMM Authenticated-Admin RCE",
|
|
3621
|
-
"rwep": 62,
|
|
3622
|
-
"cvss": 7.2,
|
|
4379
|
+
"CVE-2026-32202": {
|
|
4380
|
+
"name": "Microsoft Windows Shell LNK Mark-of-the-Web Bypass (APT28)",
|
|
4381
|
+
"rwep": 85,
|
|
4382
|
+
"cvss": 7.5,
|
|
3623
4383
|
"cisa_kev": true,
|
|
3624
4384
|
"epss_score": null,
|
|
3625
4385
|
"referencing_skills": [
|
|
3626
|
-
"kernel-lpe-triage"
|
|
4386
|
+
"kernel-lpe-triage",
|
|
4387
|
+
"ai-attack-surface",
|
|
4388
|
+
"ai-c2-detection",
|
|
4389
|
+
"email-security-anti-phishing"
|
|
3627
4390
|
],
|
|
3628
4391
|
"chain": {
|
|
3629
4392
|
"cwes": [
|
|
4393
|
+
{
|
|
4394
|
+
"id": "CWE-1039",
|
|
4395
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
4396
|
+
"category": "AI/ML"
|
|
4397
|
+
},
|
|
3630
4398
|
{
|
|
3631
4399
|
"id": "CWE-125",
|
|
3632
4400
|
"name": "Out-of-bounds Read",
|
|
3633
4401
|
"category": "Memory Safety"
|
|
3634
4402
|
},
|
|
4403
|
+
{
|
|
4404
|
+
"id": "CWE-1426",
|
|
4405
|
+
"name": "Improper Validation of Generative AI Output",
|
|
4406
|
+
"category": "AI/ML"
|
|
4407
|
+
},
|
|
3635
4408
|
{
|
|
3636
4409
|
"id": "CWE-362",
|
|
3637
4410
|
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
@@ -3651,20 +4424,101 @@
|
|
|
3651
4424
|
"id": "CWE-787",
|
|
3652
4425
|
"name": "Out-of-bounds Write",
|
|
3653
4426
|
"category": "Memory Safety"
|
|
4427
|
+
},
|
|
4428
|
+
{
|
|
4429
|
+
"id": "CWE-94",
|
|
4430
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
4431
|
+
"category": "Injection"
|
|
4432
|
+
}
|
|
4433
|
+
],
|
|
4434
|
+
"atlas": [
|
|
4435
|
+
{
|
|
4436
|
+
"id": "AML.T0016",
|
|
4437
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
4438
|
+
"tactic": "Resource Development"
|
|
4439
|
+
},
|
|
4440
|
+
{
|
|
4441
|
+
"id": "AML.T0017",
|
|
4442
|
+
"name": "Discover ML Model Ontology",
|
|
4443
|
+
"tactic": "Discovery"
|
|
4444
|
+
},
|
|
4445
|
+
{
|
|
4446
|
+
"id": "AML.T0018",
|
|
4447
|
+
"name": "Backdoor ML Model",
|
|
4448
|
+
"tactic": "Persistence"
|
|
4449
|
+
},
|
|
4450
|
+
{
|
|
4451
|
+
"id": "AML.T0020",
|
|
4452
|
+
"name": "Poison Training Data",
|
|
4453
|
+
"tactic": "ML Attack Staging"
|
|
4454
|
+
},
|
|
4455
|
+
{
|
|
4456
|
+
"id": "AML.T0043",
|
|
4457
|
+
"name": "Craft Adversarial Data",
|
|
4458
|
+
"tactic": "ML Attack Staging"
|
|
4459
|
+
},
|
|
4460
|
+
{
|
|
4461
|
+
"id": "AML.T0051",
|
|
4462
|
+
"name": "LLM Prompt Injection",
|
|
4463
|
+
"tactic": "Execution"
|
|
4464
|
+
},
|
|
4465
|
+
{
|
|
4466
|
+
"id": "AML.T0054",
|
|
4467
|
+
"name": "LLM Jailbreak",
|
|
4468
|
+
"tactic": "Defense Evasion"
|
|
4469
|
+
},
|
|
4470
|
+
{
|
|
4471
|
+
"id": "AML.T0096",
|
|
4472
|
+
"name": "AI API as Covert C2 Channel",
|
|
4473
|
+
"tactic": "Command and Control"
|
|
3654
4474
|
}
|
|
3655
4475
|
],
|
|
3656
|
-
"atlas": [],
|
|
3657
4476
|
"d3fend": [
|
|
3658
4477
|
{
|
|
3659
4478
|
"id": "D3-ASLR",
|
|
3660
4479
|
"name": "Address Space Layout Randomization",
|
|
3661
4480
|
"tactic": "Harden"
|
|
3662
4481
|
},
|
|
4482
|
+
{
|
|
4483
|
+
"id": "D3-CA",
|
|
4484
|
+
"name": "Certificate Analysis",
|
|
4485
|
+
"tactic": "Detect"
|
|
4486
|
+
},
|
|
4487
|
+
{
|
|
4488
|
+
"id": "D3-CSPP",
|
|
4489
|
+
"name": "Client-server Payload Profiling",
|
|
4490
|
+
"tactic": "Detect"
|
|
4491
|
+
},
|
|
4492
|
+
{
|
|
4493
|
+
"id": "D3-DA",
|
|
4494
|
+
"name": "Domain Analysis",
|
|
4495
|
+
"tactic": "Detect"
|
|
4496
|
+
},
|
|
3663
4497
|
{
|
|
3664
4498
|
"id": "D3-EAL",
|
|
3665
4499
|
"name": "Executable Allowlisting",
|
|
3666
4500
|
"tactic": "Harden"
|
|
3667
4501
|
},
|
|
4502
|
+
{
|
|
4503
|
+
"id": "D3-IOPR",
|
|
4504
|
+
"name": "Input/Output Profiling Resource",
|
|
4505
|
+
"tactic": "Detect"
|
|
4506
|
+
},
|
|
4507
|
+
{
|
|
4508
|
+
"id": "D3-NI",
|
|
4509
|
+
"name": "Network Isolation",
|
|
4510
|
+
"tactic": "Isolate"
|
|
4511
|
+
},
|
|
4512
|
+
{
|
|
4513
|
+
"id": "D3-NTA",
|
|
4514
|
+
"name": "Network Traffic Analysis",
|
|
4515
|
+
"tactic": "Detect"
|
|
4516
|
+
},
|
|
4517
|
+
{
|
|
4518
|
+
"id": "D3-NTPM",
|
|
4519
|
+
"name": "Network Traffic Policy Mapping",
|
|
4520
|
+
"tactic": "Model"
|
|
4521
|
+
},
|
|
3668
4522
|
{
|
|
3669
4523
|
"id": "D3-PHRA",
|
|
3670
4524
|
"name": "Process Hardware Resource Access",
|
|
@@ -3677,21 +4531,56 @@
|
|
|
3677
4531
|
}
|
|
3678
4532
|
],
|
|
3679
4533
|
"framework_gaps": [
|
|
4534
|
+
{
|
|
4535
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
4536
|
+
"framework": "ALL",
|
|
4537
|
+
"control_name": "AI Pipeline Integrity"
|
|
4538
|
+
},
|
|
4539
|
+
{
|
|
4540
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
4541
|
+
"framework": "ALL",
|
|
4542
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
4543
|
+
},
|
|
3680
4544
|
{
|
|
3681
4545
|
"id": "CIS-Controls-v8-Control7",
|
|
3682
4546
|
"framework": "CIS Controls v8",
|
|
3683
4547
|
"control_name": "Continuous Vulnerability Management"
|
|
3684
4548
|
},
|
|
4549
|
+
{
|
|
4550
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
4551
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4552
|
+
"control_name": "Monitoring activities"
|
|
4553
|
+
},
|
|
4554
|
+
{
|
|
4555
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
4556
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4557
|
+
"control_name": "Secure coding"
|
|
4558
|
+
},
|
|
3685
4559
|
{
|
|
3686
4560
|
"id": "ISO-27001-2022-A.8.8",
|
|
3687
4561
|
"framework": "ISO/IEC 27001:2022",
|
|
3688
4562
|
"control_name": "Management of technical vulnerabilities"
|
|
3689
4563
|
},
|
|
4564
|
+
{
|
|
4565
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
4566
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
4567
|
+
"control_name": "AI risk management process"
|
|
4568
|
+
},
|
|
3690
4569
|
{
|
|
3691
4570
|
"id": "NIS2-Art21-patch-management",
|
|
3692
4571
|
"framework": "EU NIS2 Directive",
|
|
3693
4572
|
"control_name": "Vulnerability handling and disclosure"
|
|
3694
4573
|
},
|
|
4574
|
+
{
|
|
4575
|
+
"id": "NIST-800-53-AC-2",
|
|
4576
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4577
|
+
"control_name": "Account Management"
|
|
4578
|
+
},
|
|
4579
|
+
{
|
|
4580
|
+
"id": "NIST-800-53-SC-7",
|
|
4581
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4582
|
+
"control_name": "Boundary Protection"
|
|
4583
|
+
},
|
|
3695
4584
|
{
|
|
3696
4585
|
"id": "NIST-800-53-SC-8",
|
|
3697
4586
|
"framework": "NIST SP 800-53 Rev 5",
|
|
@@ -3702,36 +4591,83 @@
|
|
|
3702
4591
|
"framework": "NIST SP 800-53 Rev 5",
|
|
3703
4592
|
"control_name": "Flaw Remediation"
|
|
3704
4593
|
},
|
|
4594
|
+
{
|
|
4595
|
+
"id": "NIST-800-53-SI-3",
|
|
4596
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
4597
|
+
"control_name": "Malicious Code Protection"
|
|
4598
|
+
},
|
|
4599
|
+
{
|
|
4600
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
4601
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4602
|
+
"control_name": "Prompt Injection"
|
|
4603
|
+
},
|
|
4604
|
+
{
|
|
4605
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
4606
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4607
|
+
"control_name": "Sensitive Information Disclosure"
|
|
4608
|
+
},
|
|
3705
4609
|
{
|
|
3706
4610
|
"id": "PCI-DSS-4.0-6.3.3",
|
|
3707
4611
|
"framework": "PCI DSS 4.0",
|
|
3708
4612
|
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
4613
|
+
},
|
|
4614
|
+
{
|
|
4615
|
+
"id": "SOC2-CC6-logical-access",
|
|
4616
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4617
|
+
"control_name": "Logical and Physical Access Controls"
|
|
4618
|
+
},
|
|
4619
|
+
{
|
|
4620
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
4621
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4622
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
3709
4623
|
}
|
|
3710
4624
|
],
|
|
3711
4625
|
"attack_refs": [
|
|
4626
|
+
"T1059",
|
|
3712
4627
|
"T1068",
|
|
3713
|
-
"
|
|
4628
|
+
"T1071",
|
|
4629
|
+
"T1078",
|
|
4630
|
+
"T1102",
|
|
4631
|
+
"T1190",
|
|
4632
|
+
"T1548.001",
|
|
4633
|
+
"T1566",
|
|
4634
|
+
"T1566.001",
|
|
4635
|
+
"T1566.002",
|
|
4636
|
+
"T1566.003",
|
|
4637
|
+
"T1568"
|
|
3714
4638
|
],
|
|
3715
4639
|
"rfc_refs": [
|
|
3716
4640
|
"RFC-4301",
|
|
3717
4641
|
"RFC-4303",
|
|
3718
|
-
"RFC-7296"
|
|
4642
|
+
"RFC-7296",
|
|
4643
|
+
"RFC-8446",
|
|
4644
|
+
"RFC-9000",
|
|
4645
|
+
"RFC-9114",
|
|
4646
|
+
"RFC-9180",
|
|
4647
|
+
"RFC-9421",
|
|
4648
|
+
"RFC-9458"
|
|
3719
4649
|
]
|
|
3720
4650
|
}
|
|
3721
4651
|
},
|
|
3722
|
-
"CVE-2026-
|
|
3723
|
-
"name": "
|
|
3724
|
-
"rwep":
|
|
3725
|
-
"cvss": 8
|
|
4652
|
+
"CVE-2026-33825": {
|
|
4653
|
+
"name": "BlueHammer — Microsoft Defender File-Remediation TOCTOU LPE",
|
|
4654
|
+
"rwep": 68,
|
|
4655
|
+
"cvss": 7.8,
|
|
3726
4656
|
"cisa_kev": true,
|
|
3727
4657
|
"epss_score": null,
|
|
3728
4658
|
"referencing_skills": [
|
|
3729
4659
|
"kernel-lpe-triage",
|
|
4660
|
+
"ai-attack-surface",
|
|
3730
4661
|
"ai-c2-detection",
|
|
3731
|
-
"
|
|
4662
|
+
"email-security-anti-phishing"
|
|
3732
4663
|
],
|
|
3733
4664
|
"chain": {
|
|
3734
4665
|
"cwes": [
|
|
4666
|
+
{
|
|
4667
|
+
"id": "CWE-1039",
|
|
4668
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
4669
|
+
"category": "AI/ML"
|
|
4670
|
+
},
|
|
3735
4671
|
{
|
|
3736
4672
|
"id": "CWE-125",
|
|
3737
4673
|
"name": "Out-of-bounds Read",
|
|
@@ -3742,11 +4678,6 @@
|
|
|
3742
4678
|
"name": "Improper Validation of Generative AI Output",
|
|
3743
4679
|
"category": "AI/ML"
|
|
3744
4680
|
},
|
|
3745
|
-
{
|
|
3746
|
-
"id": "CWE-200",
|
|
3747
|
-
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
3748
|
-
"category": "Information Exposure"
|
|
3749
|
-
},
|
|
3750
4681
|
{
|
|
3751
4682
|
"id": "CWE-362",
|
|
3752
4683
|
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
@@ -3766,19 +4697,49 @@
|
|
|
3766
4697
|
"id": "CWE-787",
|
|
3767
4698
|
"name": "Out-of-bounds Write",
|
|
3768
4699
|
"category": "Memory Safety"
|
|
4700
|
+
},
|
|
4701
|
+
{
|
|
4702
|
+
"id": "CWE-94",
|
|
4703
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
4704
|
+
"category": "Injection"
|
|
3769
4705
|
}
|
|
3770
4706
|
],
|
|
3771
4707
|
"atlas": [
|
|
4708
|
+
{
|
|
4709
|
+
"id": "AML.T0016",
|
|
4710
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
4711
|
+
"tactic": "Resource Development"
|
|
4712
|
+
},
|
|
3772
4713
|
{
|
|
3773
4714
|
"id": "AML.T0017",
|
|
3774
4715
|
"name": "Discover ML Model Ontology",
|
|
3775
4716
|
"tactic": "Discovery"
|
|
3776
4717
|
},
|
|
4718
|
+
{
|
|
4719
|
+
"id": "AML.T0018",
|
|
4720
|
+
"name": "Backdoor ML Model",
|
|
4721
|
+
"tactic": "Persistence"
|
|
4722
|
+
},
|
|
4723
|
+
{
|
|
4724
|
+
"id": "AML.T0020",
|
|
4725
|
+
"name": "Poison Training Data",
|
|
4726
|
+
"tactic": "ML Attack Staging"
|
|
4727
|
+
},
|
|
4728
|
+
{
|
|
4729
|
+
"id": "AML.T0043",
|
|
4730
|
+
"name": "Craft Adversarial Data",
|
|
4731
|
+
"tactic": "ML Attack Staging"
|
|
4732
|
+
},
|
|
3777
4733
|
{
|
|
3778
4734
|
"id": "AML.T0051",
|
|
3779
4735
|
"name": "LLM Prompt Injection",
|
|
3780
4736
|
"tactic": "Execution"
|
|
3781
4737
|
},
|
|
4738
|
+
{
|
|
4739
|
+
"id": "AML.T0054",
|
|
4740
|
+
"name": "LLM Jailbreak",
|
|
4741
|
+
"tactic": "Defense Evasion"
|
|
4742
|
+
},
|
|
3782
4743
|
{
|
|
3783
4744
|
"id": "AML.T0096",
|
|
3784
4745
|
"name": "AI API as Covert C2 Channel",
|
|
@@ -3843,30 +4804,40 @@
|
|
|
3843
4804
|
}
|
|
3844
4805
|
],
|
|
3845
4806
|
"framework_gaps": [
|
|
4807
|
+
{
|
|
4808
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
4809
|
+
"framework": "ALL",
|
|
4810
|
+
"control_name": "AI Pipeline Integrity"
|
|
4811
|
+
},
|
|
4812
|
+
{
|
|
4813
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
4814
|
+
"framework": "ALL",
|
|
4815
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
4816
|
+
},
|
|
3846
4817
|
{
|
|
3847
4818
|
"id": "CIS-Controls-v8-Control7",
|
|
3848
4819
|
"framework": "CIS Controls v8",
|
|
3849
4820
|
"control_name": "Continuous Vulnerability Management"
|
|
3850
4821
|
},
|
|
3851
|
-
{
|
|
3852
|
-
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
3853
|
-
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
3854
|
-
"control_name": "Access control standard (technical safeguards)"
|
|
3855
|
-
},
|
|
3856
4822
|
{
|
|
3857
4823
|
"id": "ISO-27001-2022-A.8.16",
|
|
3858
4824
|
"framework": "ISO/IEC 27001:2022",
|
|
3859
4825
|
"control_name": "Monitoring activities"
|
|
3860
4826
|
},
|
|
4827
|
+
{
|
|
4828
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
4829
|
+
"framework": "ISO/IEC 27001:2022",
|
|
4830
|
+
"control_name": "Secure coding"
|
|
4831
|
+
},
|
|
3861
4832
|
{
|
|
3862
4833
|
"id": "ISO-27001-2022-A.8.8",
|
|
3863
4834
|
"framework": "ISO/IEC 27001:2022",
|
|
3864
4835
|
"control_name": "Management of technical vulnerabilities"
|
|
3865
4836
|
},
|
|
3866
4837
|
{
|
|
3867
|
-
"id": "ISO-IEC-
|
|
3868
|
-
"framework": "ISO/IEC
|
|
3869
|
-
"control_name": "AI risk
|
|
4838
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
4839
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
4840
|
+
"control_name": "AI risk management process"
|
|
3870
4841
|
},
|
|
3871
4842
|
{
|
|
3872
4843
|
"id": "NIS2-Art21-patch-management",
|
|
@@ -3874,9 +4845,9 @@
|
|
|
3874
4845
|
"control_name": "Vulnerability handling and disclosure"
|
|
3875
4846
|
},
|
|
3876
4847
|
{
|
|
3877
|
-
"id": "NIST-800-53-
|
|
4848
|
+
"id": "NIST-800-53-AC-2",
|
|
3878
4849
|
"framework": "NIST SP 800-53 Rev 5",
|
|
3879
|
-
"control_name": "
|
|
4850
|
+
"control_name": "Account Management"
|
|
3880
4851
|
},
|
|
3881
4852
|
{
|
|
3882
4853
|
"id": "NIST-800-53-SC-7",
|
|
@@ -3898,11 +4869,26 @@
|
|
|
3898
4869
|
"framework": "NIST SP 800-53 Rev 5",
|
|
3899
4870
|
"control_name": "Malicious Code Protection"
|
|
3900
4871
|
},
|
|
4872
|
+
{
|
|
4873
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
4874
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4875
|
+
"control_name": "Prompt Injection"
|
|
4876
|
+
},
|
|
4877
|
+
{
|
|
4878
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
4879
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4880
|
+
"control_name": "Sensitive Information Disclosure"
|
|
4881
|
+
},
|
|
3901
4882
|
{
|
|
3902
4883
|
"id": "PCI-DSS-4.0-6.3.3",
|
|
3903
4884
|
"framework": "PCI DSS 4.0",
|
|
3904
4885
|
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
3905
4886
|
},
|
|
4887
|
+
{
|
|
4888
|
+
"id": "SOC2-CC6-logical-access",
|
|
4889
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4890
|
+
"control_name": "Logical and Physical Access Controls"
|
|
4891
|
+
},
|
|
3906
4892
|
{
|
|
3907
4893
|
"id": "SOC2-CC7-anomaly-detection",
|
|
3908
4894
|
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
@@ -3910,14 +4896,17 @@
|
|
|
3910
4896
|
}
|
|
3911
4897
|
],
|
|
3912
4898
|
"attack_refs": [
|
|
3913
|
-
"
|
|
4899
|
+
"T1059",
|
|
3914
4900
|
"T1068",
|
|
3915
4901
|
"T1071",
|
|
4902
|
+
"T1078",
|
|
3916
4903
|
"T1102",
|
|
3917
|
-
"
|
|
3918
|
-
"T1530",
|
|
4904
|
+
"T1190",
|
|
3919
4905
|
"T1548.001",
|
|
3920
|
-
"
|
|
4906
|
+
"T1566",
|
|
4907
|
+
"T1566.001",
|
|
4908
|
+
"T1566.002",
|
|
4909
|
+
"T1566.003",
|
|
3921
4910
|
"T1568"
|
|
3922
4911
|
],
|
|
3923
4912
|
"rfc_refs": [
|
|
@@ -3933,34 +4922,90 @@
|
|
|
3933
4922
|
]
|
|
3934
4923
|
}
|
|
3935
4924
|
},
|
|
3936
|
-
"
|
|
3937
|
-
"name": "
|
|
3938
|
-
"rwep":
|
|
3939
|
-
"cvss":
|
|
3940
|
-
"cisa_kev":
|
|
4925
|
+
"MAL-2026-NODE-IPC-STEALER": {
|
|
4926
|
+
"name": "node-ipc credential-stealer (expired-domain account-recovery compromise)",
|
|
4927
|
+
"rwep": 43,
|
|
4928
|
+
"cvss": 9.8,
|
|
4929
|
+
"cisa_kev": false,
|
|
3941
4930
|
"epss_score": null,
|
|
3942
4931
|
"referencing_skills": [
|
|
3943
|
-
"
|
|
3944
|
-
"
|
|
3945
|
-
"
|
|
3946
|
-
"
|
|
4932
|
+
"fuzz-testing-strategy",
|
|
4933
|
+
"supply-chain-integrity",
|
|
4934
|
+
"coordinated-vuln-disclosure",
|
|
4935
|
+
"threat-modeling-methodology",
|
|
4936
|
+
"webapp-security",
|
|
4937
|
+
"sector-federal-government",
|
|
4938
|
+
"api-security",
|
|
4939
|
+
"container-runtime-security",
|
|
4940
|
+
"mlops-security",
|
|
4941
|
+
"idp-incident-response"
|
|
3947
4942
|
],
|
|
3948
4943
|
"chain": {
|
|
3949
4944
|
"cwes": [
|
|
3950
4945
|
{
|
|
3951
|
-
"id": "CWE-
|
|
3952
|
-
"name": "
|
|
3953
|
-
"category": "
|
|
4946
|
+
"id": "CWE-1188",
|
|
4947
|
+
"name": "Initialization of a Resource with an Insecure Default",
|
|
4948
|
+
"category": "Configuration"
|
|
4949
|
+
},
|
|
4950
|
+
{
|
|
4951
|
+
"id": "CWE-125",
|
|
4952
|
+
"name": "Out-of-bounds Read",
|
|
4953
|
+
"category": "Memory Safety"
|
|
4954
|
+
},
|
|
4955
|
+
{
|
|
4956
|
+
"id": "CWE-1357",
|
|
4957
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
4958
|
+
"category": "Supply Chain"
|
|
4959
|
+
},
|
|
4960
|
+
{
|
|
4961
|
+
"id": "CWE-1395",
|
|
4962
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
4963
|
+
"category": "Supply Chain"
|
|
4964
|
+
},
|
|
4965
|
+
{
|
|
4966
|
+
"id": "CWE-1426",
|
|
4967
|
+
"name": "Improper Validation of Generative AI Output",
|
|
4968
|
+
"category": "AI/ML"
|
|
4969
|
+
},
|
|
4970
|
+
{
|
|
4971
|
+
"id": "CWE-20",
|
|
4972
|
+
"name": "Improper Input Validation",
|
|
4973
|
+
"category": "Validation"
|
|
4974
|
+
},
|
|
4975
|
+
{
|
|
4976
|
+
"id": "CWE-200",
|
|
4977
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
4978
|
+
"category": "Information Exposure"
|
|
4979
|
+
},
|
|
4980
|
+
{
|
|
4981
|
+
"id": "CWE-22",
|
|
4982
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
4983
|
+
"category": "Path/Resource"
|
|
4984
|
+
},
|
|
4985
|
+
{
|
|
4986
|
+
"id": "CWE-269",
|
|
4987
|
+
"name": "Improper Privilege Management",
|
|
4988
|
+
"category": "Authorization"
|
|
4989
|
+
},
|
|
4990
|
+
{
|
|
4991
|
+
"id": "CWE-284",
|
|
4992
|
+
"name": "Improper Access Control",
|
|
4993
|
+
"category": "Access Control"
|
|
4994
|
+
},
|
|
4995
|
+
{
|
|
4996
|
+
"id": "CWE-287",
|
|
4997
|
+
"name": "Improper Authentication",
|
|
4998
|
+
"category": "Authentication"
|
|
3954
4999
|
},
|
|
3955
5000
|
{
|
|
3956
|
-
"id": "CWE-
|
|
3957
|
-
"name": "
|
|
3958
|
-
"category": "
|
|
5001
|
+
"id": "CWE-345",
|
|
5002
|
+
"name": "Insufficient Verification of Data Authenticity",
|
|
5003
|
+
"category": "Authenticity / Supply Chain"
|
|
3959
5004
|
},
|
|
3960
5005
|
{
|
|
3961
|
-
"id": "CWE-
|
|
3962
|
-
"name": "
|
|
3963
|
-
"category": "
|
|
5006
|
+
"id": "CWE-352",
|
|
5007
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
5008
|
+
"category": "Session"
|
|
3964
5009
|
},
|
|
3965
5010
|
{
|
|
3966
5011
|
"id": "CWE-362",
|
|
@@ -3973,15 +5018,75 @@
|
|
|
3973
5018
|
"category": "Memory Safety"
|
|
3974
5019
|
},
|
|
3975
5020
|
{
|
|
3976
|
-
"id": "CWE-
|
|
3977
|
-
"name": "
|
|
3978
|
-
"category": "
|
|
5021
|
+
"id": "CWE-434",
|
|
5022
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
5023
|
+
"category": "File Handling"
|
|
5024
|
+
},
|
|
5025
|
+
{
|
|
5026
|
+
"id": "CWE-494",
|
|
5027
|
+
"name": "Download of Code Without Integrity Check",
|
|
5028
|
+
"category": "Supply Chain"
|
|
5029
|
+
},
|
|
5030
|
+
{
|
|
5031
|
+
"id": "CWE-502",
|
|
5032
|
+
"name": "Deserialization of Untrusted Data",
|
|
5033
|
+
"category": "Serialization"
|
|
5034
|
+
},
|
|
5035
|
+
{
|
|
5036
|
+
"id": "CWE-522",
|
|
5037
|
+
"name": "Insufficiently Protected Credentials",
|
|
5038
|
+
"category": "Credentials Management"
|
|
5039
|
+
},
|
|
5040
|
+
{
|
|
5041
|
+
"id": "CWE-732",
|
|
5042
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
5043
|
+
"category": "Authorization"
|
|
5044
|
+
},
|
|
5045
|
+
{
|
|
5046
|
+
"id": "CWE-77",
|
|
5047
|
+
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
5048
|
+
"category": "Injection"
|
|
5049
|
+
},
|
|
5050
|
+
{
|
|
5051
|
+
"id": "CWE-78",
|
|
5052
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
5053
|
+
"category": "Injection"
|
|
3979
5054
|
},
|
|
3980
5055
|
{
|
|
3981
5056
|
"id": "CWE-787",
|
|
3982
5057
|
"name": "Out-of-bounds Write",
|
|
3983
5058
|
"category": "Memory Safety"
|
|
3984
5059
|
},
|
|
5060
|
+
{
|
|
5061
|
+
"id": "CWE-79",
|
|
5062
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
5063
|
+
"category": "Injection"
|
|
5064
|
+
},
|
|
5065
|
+
{
|
|
5066
|
+
"id": "CWE-829",
|
|
5067
|
+
"name": "Inclusion of Functionality from Untrusted Control Sphere",
|
|
5068
|
+
"category": "Supply Chain"
|
|
5069
|
+
},
|
|
5070
|
+
{
|
|
5071
|
+
"id": "CWE-862",
|
|
5072
|
+
"name": "Missing Authorization",
|
|
5073
|
+
"category": "Authorization"
|
|
5074
|
+
},
|
|
5075
|
+
{
|
|
5076
|
+
"id": "CWE-863",
|
|
5077
|
+
"name": "Incorrect Authorization",
|
|
5078
|
+
"category": "Authorization"
|
|
5079
|
+
},
|
|
5080
|
+
{
|
|
5081
|
+
"id": "CWE-89",
|
|
5082
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
5083
|
+
"category": "Injection"
|
|
5084
|
+
},
|
|
5085
|
+
{
|
|
5086
|
+
"id": "CWE-918",
|
|
5087
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
5088
|
+
"category": "Network"
|
|
5089
|
+
},
|
|
3985
5090
|
{
|
|
3986
5091
|
"id": "CWE-94",
|
|
3987
5092
|
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
@@ -3990,9 +5095,9 @@
|
|
|
3990
5095
|
],
|
|
3991
5096
|
"atlas": [
|
|
3992
5097
|
{
|
|
3993
|
-
"id": "AML.
|
|
3994
|
-
"name": "
|
|
3995
|
-
"tactic": "
|
|
5098
|
+
"id": "AML.T0010",
|
|
5099
|
+
"name": "ML Supply Chain Compromise",
|
|
5100
|
+
"tactic": "Initial Access"
|
|
3996
5101
|
},
|
|
3997
5102
|
{
|
|
3998
5103
|
"id": "AML.T0017",
|
|
@@ -4019,11 +5124,6 @@
|
|
|
4019
5124
|
"name": "LLM Prompt Injection",
|
|
4020
5125
|
"tactic": "Execution"
|
|
4021
5126
|
},
|
|
4022
|
-
{
|
|
4023
|
-
"id": "AML.T0054",
|
|
4024
|
-
"name": "LLM Jailbreak",
|
|
4025
|
-
"tactic": "Defense Evasion"
|
|
4026
|
-
},
|
|
4027
5127
|
{
|
|
4028
5128
|
"id": "AML.T0096",
|
|
4029
5129
|
"name": "AI API as Covert C2 Channel",
|
|
@@ -4032,55 +5132,35 @@
|
|
|
4032
5132
|
],
|
|
4033
5133
|
"d3fend": [
|
|
4034
5134
|
{
|
|
4035
|
-
"id": "D3-
|
|
4036
|
-
"name": "
|
|
5135
|
+
"id": "D3-CBAN",
|
|
5136
|
+
"name": "Certificate-based Authentication",
|
|
4037
5137
|
"tactic": "Harden"
|
|
4038
5138
|
},
|
|
4039
|
-
{
|
|
4040
|
-
"id": "D3-CA",
|
|
4041
|
-
"name": "Certificate Analysis",
|
|
4042
|
-
"tactic": "Detect"
|
|
4043
|
-
},
|
|
4044
|
-
{
|
|
4045
|
-
"id": "D3-CSPP",
|
|
4046
|
-
"name": "Client-server Payload Profiling",
|
|
4047
|
-
"tactic": "Detect"
|
|
4048
|
-
},
|
|
4049
|
-
{
|
|
4050
|
-
"id": "D3-DA",
|
|
4051
|
-
"name": "Domain Analysis",
|
|
4052
|
-
"tactic": "Detect"
|
|
4053
|
-
},
|
|
4054
5139
|
{
|
|
4055
5140
|
"id": "D3-EAL",
|
|
4056
5141
|
"name": "Executable Allowlisting",
|
|
4057
5142
|
"tactic": "Harden"
|
|
4058
5143
|
},
|
|
5144
|
+
{
|
|
5145
|
+
"id": "D3-EHB",
|
|
5146
|
+
"name": "Executable Hashbased Allowlist",
|
|
5147
|
+
"tactic": "Harden"
|
|
5148
|
+
},
|
|
4059
5149
|
{
|
|
4060
5150
|
"id": "D3-IOPR",
|
|
4061
5151
|
"name": "Input/Output Profiling Resource",
|
|
4062
5152
|
"tactic": "Detect"
|
|
4063
5153
|
},
|
|
4064
5154
|
{
|
|
4065
|
-
"id": "D3-
|
|
4066
|
-
"name": "
|
|
4067
|
-
"tactic": "
|
|
5155
|
+
"id": "D3-MFA",
|
|
5156
|
+
"name": "Multi-factor Authentication",
|
|
5157
|
+
"tactic": "Harden"
|
|
4068
5158
|
},
|
|
4069
5159
|
{
|
|
4070
5160
|
"id": "D3-NTA",
|
|
4071
5161
|
"name": "Network Traffic Analysis",
|
|
4072
5162
|
"tactic": "Detect"
|
|
4073
5163
|
},
|
|
4074
|
-
{
|
|
4075
|
-
"id": "D3-NTPM",
|
|
4076
|
-
"name": "Network Traffic Policy Mapping",
|
|
4077
|
-
"tactic": "Model"
|
|
4078
|
-
},
|
|
4079
|
-
{
|
|
4080
|
-
"id": "D3-PHRA",
|
|
4081
|
-
"name": "Process Hardware Resource Access",
|
|
4082
|
-
"tactic": "Isolate"
|
|
4083
|
-
},
|
|
4084
5164
|
{
|
|
4085
5165
|
"id": "D3-PSEP",
|
|
4086
5166
|
"name": "Process Segment Execution Prevention",
|
|
@@ -4089,24 +5169,39 @@
|
|
|
4089
5169
|
],
|
|
4090
5170
|
"framework_gaps": [
|
|
4091
5171
|
{
|
|
4092
|
-
"id": "
|
|
4093
|
-
"framework": "
|
|
4094
|
-
"control_name": "
|
|
5172
|
+
"id": "AU-ISM-1559-IdP",
|
|
5173
|
+
"framework": "AU ISM",
|
|
5174
|
+
"control_name": "Privileged Account Credential Management — IdP-tenant control-plane extension"
|
|
4095
5175
|
},
|
|
4096
5176
|
{
|
|
4097
|
-
"id": "
|
|
4098
|
-
"framework": "
|
|
4099
|
-
"control_name": "
|
|
5177
|
+
"id": "CMMC-2.0-Level-2",
|
|
5178
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
5179
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
4100
5180
|
},
|
|
4101
5181
|
{
|
|
4102
|
-
"id": "
|
|
4103
|
-
"framework": "
|
|
4104
|
-
"control_name": "
|
|
5182
|
+
"id": "CycloneDX-v1.6-SBOM",
|
|
5183
|
+
"framework": "CycloneDX v1.6 (OWASP SBOM standard)",
|
|
5184
|
+
"control_name": "Software Bill of Materials"
|
|
4105
5185
|
},
|
|
4106
5186
|
{
|
|
4107
|
-
"id": "
|
|
5187
|
+
"id": "DORA-Art-19-IdP-4h",
|
|
5188
|
+
"framework": "EU DORA",
|
|
5189
|
+
"control_name": "Major-ICT-related-incident notification — IdP-specific 4-hour clock"
|
|
5190
|
+
},
|
|
5191
|
+
{
|
|
5192
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
5193
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
5194
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
5195
|
+
},
|
|
5196
|
+
{
|
|
5197
|
+
"id": "HITRUST-CSF-v11.4-09.l",
|
|
5198
|
+
"framework": "HITRUST CSF v11.4",
|
|
5199
|
+
"control_name": "Outsourced services management"
|
|
5200
|
+
},
|
|
5201
|
+
{
|
|
5202
|
+
"id": "ISO-27001-2022-A.5.16-Federated",
|
|
4108
5203
|
"framework": "ISO/IEC 27001:2022",
|
|
4109
|
-
"control_name": "
|
|
5204
|
+
"control_name": "Identity Management + Authentication Information — federated-state extension"
|
|
4110
5205
|
},
|
|
4111
5206
|
{
|
|
4112
5207
|
"id": "ISO-27001-2022-A.8.28",
|
|
@@ -4124,9 +5219,24 @@
|
|
|
4124
5219
|
"control_name": "AI risk management process"
|
|
4125
5220
|
},
|
|
4126
5221
|
{
|
|
4127
|
-
"id": "
|
|
5222
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
5223
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
5224
|
+
"control_name": "AI risk assessment"
|
|
5225
|
+
},
|
|
5226
|
+
{
|
|
5227
|
+
"id": "NIS2-Art-21-Federated-Identity",
|
|
4128
5228
|
"framework": "EU NIS2 Directive",
|
|
4129
|
-
"control_name": "
|
|
5229
|
+
"control_name": "Cryptography + Access Control — federated-identity extension"
|
|
5230
|
+
},
|
|
5231
|
+
{
|
|
5232
|
+
"id": "NIST-800-115",
|
|
5233
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
5234
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
5235
|
+
},
|
|
5236
|
+
{
|
|
5237
|
+
"id": "NIST-800-218-SSDF",
|
|
5238
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
5239
|
+
"control_name": "Secure Software Development Framework"
|
|
4130
5240
|
},
|
|
4131
5241
|
{
|
|
4132
5242
|
"id": "NIST-800-53-AC-2",
|
|
@@ -4134,24 +5244,34 @@
|
|
|
4134
5244
|
"control_name": "Account Management"
|
|
4135
5245
|
},
|
|
4136
5246
|
{
|
|
4137
|
-
"id": "NIST-800-53-
|
|
5247
|
+
"id": "NIST-800-53-CM-7",
|
|
4138
5248
|
"framework": "NIST SP 800-53 Rev 5",
|
|
4139
|
-
"control_name": "
|
|
5249
|
+
"control_name": "Least Functionality"
|
|
4140
5250
|
},
|
|
4141
5251
|
{
|
|
4142
|
-
"id": "NIST-800-53-
|
|
4143
|
-
"framework": "NIST
|
|
4144
|
-
"control_name": "
|
|
5252
|
+
"id": "NIST-800-53-IA-5-Federated",
|
|
5253
|
+
"framework": "NIST 800-53 Rev.5",
|
|
5254
|
+
"control_name": "Authenticator Management — federated-trust extension"
|
|
4145
5255
|
},
|
|
4146
5256
|
{
|
|
4147
|
-
"id": "NIST-800-53-
|
|
5257
|
+
"id": "NIST-800-53-SA-12",
|
|
4148
5258
|
"framework": "NIST SP 800-53 Rev 5",
|
|
4149
|
-
"control_name": "
|
|
5259
|
+
"control_name": "Supply Chain Protection"
|
|
4150
5260
|
},
|
|
4151
5261
|
{
|
|
4152
|
-
"id": "NIST-
|
|
4153
|
-
"framework": "NIST
|
|
4154
|
-
"control_name": "
|
|
5262
|
+
"id": "NIST-AI-RMF-MEASURE-2.5",
|
|
5263
|
+
"framework": "NIST AI RMF 1.0",
|
|
5264
|
+
"control_name": "AI system to human interaction evaluation"
|
|
5265
|
+
},
|
|
5266
|
+
{
|
|
5267
|
+
"id": "OFAC-Sanctions-Threat-Actor-Negotiation",
|
|
5268
|
+
"framework": "US Treasury OFAC + EU sanctions overlay + UK OFSI",
|
|
5269
|
+
"control_name": "Sanctions screening on ransomware-payment / threat-actor negotiation"
|
|
5270
|
+
},
|
|
5271
|
+
{
|
|
5272
|
+
"id": "OWASP-ASVS-v5.0-V14",
|
|
5273
|
+
"framework": "OWASP ASVS v5.0",
|
|
5274
|
+
"control_name": "Configuration verification"
|
|
4155
5275
|
},
|
|
4156
5276
|
{
|
|
4157
5277
|
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
@@ -4159,71 +5279,96 @@
|
|
|
4159
5279
|
"control_name": "Prompt Injection"
|
|
4160
5280
|
},
|
|
4161
5281
|
{
|
|
4162
|
-
"id": "OWASP-LLM-Top-10-2025-
|
|
5282
|
+
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
4163
5283
|
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4164
|
-
"control_name": "
|
|
5284
|
+
"control_name": "Vector and Embedding Weaknesses"
|
|
4165
5285
|
},
|
|
4166
5286
|
{
|
|
4167
|
-
"id": "
|
|
4168
|
-
"framework": "
|
|
4169
|
-
"control_name": "
|
|
5287
|
+
"id": "SLSA-v1.0-Build-L3",
|
|
5288
|
+
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
5289
|
+
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
4170
5290
|
},
|
|
4171
5291
|
{
|
|
4172
|
-
"id": "SOC2-CC6-
|
|
5292
|
+
"id": "SOC2-CC6-OAuth-Consent",
|
|
4173
5293
|
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4174
|
-
"control_name": "Logical and Physical Access Controls"
|
|
5294
|
+
"control_name": "Logical and Physical Access Controls — OAuth consent extension"
|
|
4175
5295
|
},
|
|
4176
5296
|
{
|
|
4177
|
-
"id": "SOC2-
|
|
5297
|
+
"id": "SOC2-CC9-vendor-management",
|
|
4178
5298
|
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4179
|
-
"control_name": "
|
|
5299
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
5300
|
+
},
|
|
5301
|
+
{
|
|
5302
|
+
"id": "SPDX-v3.0-SBOM",
|
|
5303
|
+
"framework": "SPDX v3.0 (ISO/IEC 5962-aligned SBOM standard)",
|
|
5304
|
+
"control_name": "Software Package Data Exchange — SBOM"
|
|
5305
|
+
},
|
|
5306
|
+
{
|
|
5307
|
+
"id": "SWIFT-CSCF-v2026-1.1",
|
|
5308
|
+
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
5309
|
+
"control_name": "SWIFT Environment Protection"
|
|
5310
|
+
},
|
|
5311
|
+
{
|
|
5312
|
+
"id": "UK-CAF-B2-IdP-Tenant",
|
|
5313
|
+
"framework": "UK NCSC CAF",
|
|
5314
|
+
"control_name": "Identity and Access Control — IdP-tenant control-plane extension"
|
|
5315
|
+
},
|
|
5316
|
+
{
|
|
5317
|
+
"id": "VEX-CSAF-v2.1",
|
|
5318
|
+
"framework": "VEX via OASIS CSAF 2.1 (Common Security Advisory Framework)",
|
|
5319
|
+
"control_name": "Vulnerability Exploitability eXchange profile"
|
|
4180
5320
|
}
|
|
4181
5321
|
],
|
|
4182
5322
|
"attack_refs": [
|
|
4183
5323
|
"T1059",
|
|
4184
5324
|
"T1068",
|
|
4185
|
-
"T1071",
|
|
4186
5325
|
"T1078",
|
|
4187
|
-
"
|
|
5326
|
+
"T1078.004",
|
|
5327
|
+
"T1098.001",
|
|
4188
5328
|
"T1190",
|
|
4189
|
-
"
|
|
4190
|
-
"
|
|
4191
|
-
"
|
|
4192
|
-
"
|
|
4193
|
-
"
|
|
4194
|
-
"
|
|
5329
|
+
"T1195.001",
|
|
5330
|
+
"T1195.002",
|
|
5331
|
+
"T1199",
|
|
5332
|
+
"T1505",
|
|
5333
|
+
"T1554",
|
|
5334
|
+
"T1556.007",
|
|
5335
|
+
"T1565",
|
|
5336
|
+
"T1567",
|
|
5337
|
+
"T1606.002",
|
|
5338
|
+
"T1610",
|
|
5339
|
+
"T1611"
|
|
4195
5340
|
],
|
|
4196
5341
|
"rfc_refs": [
|
|
4197
|
-
"RFC-
|
|
4198
|
-
"RFC-
|
|
4199
|
-
"RFC-
|
|
5342
|
+
"RFC-6749",
|
|
5343
|
+
"RFC-7519",
|
|
5344
|
+
"RFC-7591",
|
|
5345
|
+
"RFC-8032",
|
|
4200
5346
|
"RFC-8446",
|
|
4201
|
-
"RFC-
|
|
5347
|
+
"RFC-8725",
|
|
4202
5348
|
"RFC-9114",
|
|
4203
|
-
"RFC-9180",
|
|
4204
5349
|
"RFC-9421",
|
|
4205
|
-
"RFC-
|
|
5350
|
+
"RFC-9700"
|
|
4206
5351
|
]
|
|
4207
5352
|
}
|
|
4208
5353
|
},
|
|
4209
|
-
"CVE-2026-
|
|
4210
|
-
"name": "
|
|
4211
|
-
"rwep":
|
|
4212
|
-
"cvss": 7
|
|
4213
|
-
"cisa_kev":
|
|
4214
|
-
"epss_score": null,
|
|
5354
|
+
"CVE-2026-46333": {
|
|
5355
|
+
"name": "ssh-keysign-pwn",
|
|
5356
|
+
"rwep": 30,
|
|
5357
|
+
"cvss": 7,
|
|
5358
|
+
"cisa_kev": false,
|
|
4215
5359
|
"referencing_skills": [
|
|
4216
5360
|
"kernel-lpe-triage",
|
|
4217
|
-
"
|
|
4218
|
-
"
|
|
4219
|
-
"
|
|
5361
|
+
"attack-surface-pentest",
|
|
5362
|
+
"ot-ics-security",
|
|
5363
|
+
"coordinated-vuln-disclosure",
|
|
5364
|
+
"sector-energy"
|
|
4220
5365
|
],
|
|
4221
5366
|
"chain": {
|
|
4222
5367
|
"cwes": [
|
|
4223
5368
|
{
|
|
4224
|
-
"id": "CWE-
|
|
4225
|
-
"name": "
|
|
4226
|
-
"category": "
|
|
5369
|
+
"id": "CWE-1037",
|
|
5370
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
5371
|
+
"category": "Hardware / Side Channel"
|
|
4227
5372
|
},
|
|
4228
5373
|
{
|
|
4229
5374
|
"id": "CWE-125",
|
|
@@ -4231,9 +5376,39 @@
|
|
|
4231
5376
|
"category": "Memory Safety"
|
|
4232
5377
|
},
|
|
4233
5378
|
{
|
|
4234
|
-
"id": "CWE-
|
|
4235
|
-
"name": "
|
|
4236
|
-
"category": "
|
|
5379
|
+
"id": "CWE-1357",
|
|
5380
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
5381
|
+
"category": "Supply Chain"
|
|
5382
|
+
},
|
|
5383
|
+
{
|
|
5384
|
+
"id": "CWE-1395",
|
|
5385
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
5386
|
+
"category": "Supply Chain"
|
|
5387
|
+
},
|
|
5388
|
+
{
|
|
5389
|
+
"id": "CWE-22",
|
|
5390
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
5391
|
+
"category": "Path/Resource"
|
|
5392
|
+
},
|
|
5393
|
+
{
|
|
5394
|
+
"id": "CWE-269",
|
|
5395
|
+
"name": "Improper Privilege Management",
|
|
5396
|
+
"category": "Authorization"
|
|
5397
|
+
},
|
|
5398
|
+
{
|
|
5399
|
+
"id": "CWE-287",
|
|
5400
|
+
"name": "Improper Authentication",
|
|
5401
|
+
"category": "Authentication"
|
|
5402
|
+
},
|
|
5403
|
+
{
|
|
5404
|
+
"id": "CWE-306",
|
|
5405
|
+
"name": "Missing Authentication for Critical Function",
|
|
5406
|
+
"category": "Authentication"
|
|
5407
|
+
},
|
|
5408
|
+
{
|
|
5409
|
+
"id": "CWE-352",
|
|
5410
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
5411
|
+
"category": "Session"
|
|
4237
5412
|
},
|
|
4238
5413
|
{
|
|
4239
5414
|
"id": "CWE-362",
|
|
@@ -4245,42 +5420,57 @@
|
|
|
4245
5420
|
"name": "Use After Free",
|
|
4246
5421
|
"category": "Memory Safety"
|
|
4247
5422
|
},
|
|
5423
|
+
{
|
|
5424
|
+
"id": "CWE-434",
|
|
5425
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
5426
|
+
"category": "File Handling"
|
|
5427
|
+
},
|
|
4248
5428
|
{
|
|
4249
5429
|
"id": "CWE-672",
|
|
4250
5430
|
"name": "Operation on a Resource after Expiration or Release",
|
|
4251
5431
|
"category": "Memory Safety"
|
|
4252
5432
|
},
|
|
5433
|
+
{
|
|
5434
|
+
"id": "CWE-732",
|
|
5435
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
5436
|
+
"category": "Authorization"
|
|
5437
|
+
},
|
|
5438
|
+
{
|
|
5439
|
+
"id": "CWE-78",
|
|
5440
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
5441
|
+
"category": "Injection"
|
|
5442
|
+
},
|
|
4253
5443
|
{
|
|
4254
5444
|
"id": "CWE-787",
|
|
4255
5445
|
"name": "Out-of-bounds Write",
|
|
4256
5446
|
"category": "Memory Safety"
|
|
4257
5447
|
},
|
|
4258
5448
|
{
|
|
4259
|
-
"id": "CWE-
|
|
4260
|
-
"name": "Improper
|
|
5449
|
+
"id": "CWE-79",
|
|
5450
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
4261
5451
|
"category": "Injection"
|
|
4262
|
-
}
|
|
4263
|
-
],
|
|
4264
|
-
"atlas": [
|
|
4265
|
-
{
|
|
4266
|
-
"id": "AML.T0016",
|
|
4267
|
-
"name": "Obtain Capabilities: Develop Capabilities",
|
|
4268
|
-
"tactic": "Resource Development"
|
|
4269
5452
|
},
|
|
4270
5453
|
{
|
|
4271
|
-
"id": "
|
|
4272
|
-
"name": "
|
|
4273
|
-
"
|
|
5454
|
+
"id": "CWE-798",
|
|
5455
|
+
"name": "Use of Hard-coded Credentials",
|
|
5456
|
+
"category": "Credentials"
|
|
4274
5457
|
},
|
|
4275
5458
|
{
|
|
4276
|
-
"id": "
|
|
4277
|
-
"name": "
|
|
4278
|
-
"
|
|
5459
|
+
"id": "CWE-89",
|
|
5460
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
5461
|
+
"category": "Injection"
|
|
4279
5462
|
},
|
|
4280
5463
|
{
|
|
4281
|
-
"id": "
|
|
4282
|
-
"name": "
|
|
4283
|
-
"
|
|
5464
|
+
"id": "CWE-918",
|
|
5465
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
5466
|
+
"category": "Network"
|
|
5467
|
+
}
|
|
5468
|
+
],
|
|
5469
|
+
"atlas": [
|
|
5470
|
+
{
|
|
5471
|
+
"id": "AML.T0010",
|
|
5472
|
+
"name": "ML Supply Chain Compromise",
|
|
5473
|
+
"tactic": "Initial Access"
|
|
4284
5474
|
},
|
|
4285
5475
|
{
|
|
4286
5476
|
"id": "AML.T0043",
|
|
@@ -4291,16 +5481,6 @@
|
|
|
4291
5481
|
"id": "AML.T0051",
|
|
4292
5482
|
"name": "LLM Prompt Injection",
|
|
4293
5483
|
"tactic": "Execution"
|
|
4294
|
-
},
|
|
4295
|
-
{
|
|
4296
|
-
"id": "AML.T0054",
|
|
4297
|
-
"name": "LLM Jailbreak",
|
|
4298
|
-
"tactic": "Defense Evasion"
|
|
4299
|
-
},
|
|
4300
|
-
{
|
|
4301
|
-
"id": "AML.T0096",
|
|
4302
|
-
"name": "AI API as Covert C2 Channel",
|
|
4303
|
-
"tactic": "Command and Control"
|
|
4304
5484
|
}
|
|
4305
5485
|
],
|
|
4306
5486
|
"d3fend": [
|
|
@@ -4309,46 +5489,21 @@
|
|
|
4309
5489
|
"name": "Address Space Layout Randomization",
|
|
4310
5490
|
"tactic": "Harden"
|
|
4311
5491
|
},
|
|
4312
|
-
{
|
|
4313
|
-
"id": "D3-CA",
|
|
4314
|
-
"name": "Certificate Analysis",
|
|
4315
|
-
"tactic": "Detect"
|
|
4316
|
-
},
|
|
4317
5492
|
{
|
|
4318
5493
|
"id": "D3-CSPP",
|
|
4319
5494
|
"name": "Client-server Payload Profiling",
|
|
4320
5495
|
"tactic": "Detect"
|
|
4321
5496
|
},
|
|
4322
|
-
{
|
|
4323
|
-
"id": "D3-DA",
|
|
4324
|
-
"name": "Domain Analysis",
|
|
4325
|
-
"tactic": "Detect"
|
|
4326
|
-
},
|
|
4327
5497
|
{
|
|
4328
5498
|
"id": "D3-EAL",
|
|
4329
5499
|
"name": "Executable Allowlisting",
|
|
4330
5500
|
"tactic": "Harden"
|
|
4331
5501
|
},
|
|
4332
|
-
{
|
|
4333
|
-
"id": "D3-IOPR",
|
|
4334
|
-
"name": "Input/Output Profiling Resource",
|
|
4335
|
-
"tactic": "Detect"
|
|
4336
|
-
},
|
|
4337
|
-
{
|
|
4338
|
-
"id": "D3-NI",
|
|
4339
|
-
"name": "Network Isolation",
|
|
4340
|
-
"tactic": "Isolate"
|
|
4341
|
-
},
|
|
4342
5502
|
{
|
|
4343
5503
|
"id": "D3-NTA",
|
|
4344
5504
|
"name": "Network Traffic Analysis",
|
|
4345
5505
|
"tactic": "Detect"
|
|
4346
5506
|
},
|
|
4347
|
-
{
|
|
4348
|
-
"id": "D3-NTPM",
|
|
4349
|
-
"name": "Network Traffic Policy Mapping",
|
|
4350
|
-
"tactic": "Model"
|
|
4351
|
-
},
|
|
4352
5507
|
{
|
|
4353
5508
|
"id": "D3-PHRA",
|
|
4354
5509
|
"name": "Process Hardware Resource Access",
|
|
@@ -4361,30 +5516,15 @@
|
|
|
4361
5516
|
}
|
|
4362
5517
|
],
|
|
4363
5518
|
"framework_gaps": [
|
|
4364
|
-
{
|
|
4365
|
-
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
4366
|
-
"framework": "ALL",
|
|
4367
|
-
"control_name": "AI Pipeline Integrity"
|
|
4368
|
-
},
|
|
4369
|
-
{
|
|
4370
|
-
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
4371
|
-
"framework": "ALL",
|
|
4372
|
-
"control_name": "Prompt Injection as Access Control Failure"
|
|
4373
|
-
},
|
|
4374
5519
|
{
|
|
4375
5520
|
"id": "CIS-Controls-v8-Control7",
|
|
4376
5521
|
"framework": "CIS Controls v8",
|
|
4377
5522
|
"control_name": "Continuous Vulnerability Management"
|
|
4378
5523
|
},
|
|
4379
5524
|
{
|
|
4380
|
-
"id": "
|
|
4381
|
-
"framework": "
|
|
4382
|
-
"control_name": "
|
|
4383
|
-
},
|
|
4384
|
-
{
|
|
4385
|
-
"id": "ISO-27001-2022-A.8.28",
|
|
4386
|
-
"framework": "ISO/IEC 27001:2022",
|
|
4387
|
-
"control_name": "Secure coding"
|
|
5525
|
+
"id": "IEC-62443-3-3",
|
|
5526
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
5527
|
+
"control_name": "System security requirements and security levels"
|
|
4388
5528
|
},
|
|
4389
5529
|
{
|
|
4390
5530
|
"id": "ISO-27001-2022-A.8.8",
|
|
@@ -4392,9 +5532,9 @@
|
|
|
4392
5532
|
"control_name": "Management of technical vulnerabilities"
|
|
4393
5533
|
},
|
|
4394
5534
|
{
|
|
4395
|
-
"id": "
|
|
4396
|
-
"framework": "
|
|
4397
|
-
"control_name": "
|
|
5535
|
+
"id": "NERC-CIP-007-6-R4",
|
|
5536
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
5537
|
+
"control_name": "Security event monitoring"
|
|
4398
5538
|
},
|
|
4399
5539
|
{
|
|
4400
5540
|
"id": "NIS2-Art21-patch-management",
|
|
@@ -4402,14 +5542,14 @@
|
|
|
4402
5542
|
"control_name": "Vulnerability handling and disclosure"
|
|
4403
5543
|
},
|
|
4404
5544
|
{
|
|
4405
|
-
"id": "NIST-800-
|
|
4406
|
-
"framework": "NIST SP 800-
|
|
4407
|
-
"control_name": "
|
|
5545
|
+
"id": "NIST-800-115",
|
|
5546
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
5547
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
4408
5548
|
},
|
|
4409
5549
|
{
|
|
4410
|
-
"id": "NIST-800-
|
|
4411
|
-
"framework": "NIST SP 800-
|
|
4412
|
-
"control_name": "
|
|
5550
|
+
"id": "NIST-800-218-SSDF",
|
|
5551
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
5552
|
+
"control_name": "Secure Software Development Framework"
|
|
4413
5553
|
},
|
|
4414
5554
|
{
|
|
4415
5555
|
"id": "NIST-800-53-SC-8",
|
|
@@ -4422,19 +5562,14 @@
|
|
|
4422
5562
|
"control_name": "Flaw Remediation"
|
|
4423
5563
|
},
|
|
4424
5564
|
{
|
|
4425
|
-
"id": "NIST-800-
|
|
4426
|
-
"framework": "NIST SP 800-
|
|
4427
|
-
"control_name": "
|
|
4428
|
-
},
|
|
4429
|
-
{
|
|
4430
|
-
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
4431
|
-
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4432
|
-
"control_name": "Prompt Injection"
|
|
5565
|
+
"id": "NIST-800-82r3",
|
|
5566
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
5567
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
4433
5568
|
},
|
|
4434
5569
|
{
|
|
4435
|
-
"id": "OWASP-
|
|
4436
|
-
"framework": "OWASP
|
|
4437
|
-
"control_name": "
|
|
5570
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
5571
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
5572
|
+
"control_name": "Web application penetration testing methodology"
|
|
4438
5573
|
},
|
|
4439
5574
|
{
|
|
4440
5575
|
"id": "PCI-DSS-4.0-6.3.3",
|
|
@@ -4442,60 +5577,43 @@
|
|
|
4442
5577
|
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
4443
5578
|
},
|
|
4444
5579
|
{
|
|
4445
|
-
"id": "
|
|
4446
|
-
"framework": "
|
|
4447
|
-
"control_name": "
|
|
5580
|
+
"id": "PTES-Pre-engagement",
|
|
5581
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
5582
|
+
"control_name": "Pre-engagement Interactions"
|
|
4448
5583
|
},
|
|
4449
5584
|
{
|
|
4450
|
-
"id": "SOC2-
|
|
5585
|
+
"id": "SOC2-CC9-vendor-management",
|
|
4451
5586
|
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4452
|
-
"control_name": "
|
|
5587
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
4453
5588
|
}
|
|
4454
5589
|
],
|
|
4455
5590
|
"attack_refs": [
|
|
5591
|
+
"T0855",
|
|
5592
|
+
"T0883",
|
|
4456
5593
|
"T1059",
|
|
4457
5594
|
"T1068",
|
|
4458
|
-
"T1071",
|
|
4459
5595
|
"T1078",
|
|
4460
|
-
"
|
|
4461
|
-
"T1190",
|
|
4462
|
-
"T1548.001"
|
|
4463
|
-
"T1566",
|
|
4464
|
-
"T1566.001",
|
|
4465
|
-
"T1566.002",
|
|
4466
|
-
"T1566.003",
|
|
4467
|
-
"T1568"
|
|
5596
|
+
"T1133",
|
|
5597
|
+
"T1190",
|
|
5598
|
+
"T1548.001"
|
|
4468
5599
|
],
|
|
4469
5600
|
"rfc_refs": [
|
|
4470
5601
|
"RFC-4301",
|
|
4471
5602
|
"RFC-4303",
|
|
4472
|
-
"RFC-7296"
|
|
4473
|
-
"RFC-8446",
|
|
4474
|
-
"RFC-9000",
|
|
4475
|
-
"RFC-9114",
|
|
4476
|
-
"RFC-9180",
|
|
4477
|
-
"RFC-9421",
|
|
4478
|
-
"RFC-9458"
|
|
5603
|
+
"RFC-7296"
|
|
4479
5604
|
]
|
|
4480
5605
|
}
|
|
4481
5606
|
},
|
|
4482
|
-
"MAL-2026-
|
|
4483
|
-
"name": "
|
|
4484
|
-
"rwep":
|
|
5607
|
+
"MAL-2026-SHAI-HULUD-OSS": {
|
|
5608
|
+
"name": "Shai-Hulud worm framework (TeamPCP open-source release)",
|
|
5609
|
+
"rwep": 70,
|
|
4485
5610
|
"cvss": 9.8,
|
|
4486
5611
|
"cisa_kev": false,
|
|
4487
|
-
"epss_score": null,
|
|
4488
5612
|
"referencing_skills": [
|
|
4489
|
-
"fuzz-testing-strategy",
|
|
4490
5613
|
"supply-chain-integrity",
|
|
4491
|
-
"coordinated-vuln-disclosure",
|
|
4492
|
-
"threat-modeling-methodology",
|
|
4493
|
-
"webapp-security",
|
|
4494
5614
|
"sector-federal-government",
|
|
4495
|
-
"api-security",
|
|
4496
5615
|
"container-runtime-security",
|
|
4497
|
-
"mlops-security"
|
|
4498
|
-
"idp-incident-response"
|
|
5616
|
+
"mlops-security"
|
|
4499
5617
|
],
|
|
4500
5618
|
"chain": {
|
|
4501
5619
|
"cwes": [
|
|
@@ -4504,11 +5622,6 @@
|
|
|
4504
5622
|
"name": "Initialization of a Resource with an Insecure Default",
|
|
4505
5623
|
"category": "Configuration"
|
|
4506
5624
|
},
|
|
4507
|
-
{
|
|
4508
|
-
"id": "CWE-125",
|
|
4509
|
-
"name": "Out-of-bounds Read",
|
|
4510
|
-
"category": "Memory Safety"
|
|
4511
|
-
},
|
|
4512
5625
|
{
|
|
4513
5626
|
"id": "CWE-1357",
|
|
4514
5627
|
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
@@ -4524,61 +5637,11 @@
|
|
|
4524
5637
|
"name": "Improper Validation of Generative AI Output",
|
|
4525
5638
|
"category": "AI/ML"
|
|
4526
5639
|
},
|
|
4527
|
-
{
|
|
4528
|
-
"id": "CWE-20",
|
|
4529
|
-
"name": "Improper Input Validation",
|
|
4530
|
-
"category": "Validation"
|
|
4531
|
-
},
|
|
4532
|
-
{
|
|
4533
|
-
"id": "CWE-200",
|
|
4534
|
-
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
4535
|
-
"category": "Information Exposure"
|
|
4536
|
-
},
|
|
4537
|
-
{
|
|
4538
|
-
"id": "CWE-22",
|
|
4539
|
-
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
4540
|
-
"category": "Path/Resource"
|
|
4541
|
-
},
|
|
4542
5640
|
{
|
|
4543
5641
|
"id": "CWE-269",
|
|
4544
5642
|
"name": "Improper Privilege Management",
|
|
4545
5643
|
"category": "Authorization"
|
|
4546
5644
|
},
|
|
4547
|
-
{
|
|
4548
|
-
"id": "CWE-284",
|
|
4549
|
-
"name": "Improper Access Control",
|
|
4550
|
-
"category": "Access Control"
|
|
4551
|
-
},
|
|
4552
|
-
{
|
|
4553
|
-
"id": "CWE-287",
|
|
4554
|
-
"name": "Improper Authentication",
|
|
4555
|
-
"category": "Authentication"
|
|
4556
|
-
},
|
|
4557
|
-
{
|
|
4558
|
-
"id": "CWE-345",
|
|
4559
|
-
"name": "Insufficient Verification of Data Authenticity",
|
|
4560
|
-
"category": "Authenticity / Supply Chain"
|
|
4561
|
-
},
|
|
4562
|
-
{
|
|
4563
|
-
"id": "CWE-352",
|
|
4564
|
-
"name": "Cross-Site Request Forgery (CSRF)",
|
|
4565
|
-
"category": "Session"
|
|
4566
|
-
},
|
|
4567
|
-
{
|
|
4568
|
-
"id": "CWE-362",
|
|
4569
|
-
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
4570
|
-
"category": "Concurrency"
|
|
4571
|
-
},
|
|
4572
|
-
{
|
|
4573
|
-
"id": "CWE-416",
|
|
4574
|
-
"name": "Use After Free",
|
|
4575
|
-
"category": "Memory Safety"
|
|
4576
|
-
},
|
|
4577
|
-
{
|
|
4578
|
-
"id": "CWE-434",
|
|
4579
|
-
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
4580
|
-
"category": "File Handling"
|
|
4581
|
-
},
|
|
4582
5645
|
{
|
|
4583
5646
|
"id": "CWE-494",
|
|
4584
5647
|
"name": "Download of Code Without Integrity Check",
|
|
@@ -4589,65 +5652,20 @@
|
|
|
4589
5652
|
"name": "Deserialization of Untrusted Data",
|
|
4590
5653
|
"category": "Serialization"
|
|
4591
5654
|
},
|
|
4592
|
-
{
|
|
4593
|
-
"id": "CWE-522",
|
|
4594
|
-
"name": "Insufficiently Protected Credentials",
|
|
4595
|
-
"category": "Credentials Management"
|
|
4596
|
-
},
|
|
4597
5655
|
{
|
|
4598
5656
|
"id": "CWE-732",
|
|
4599
5657
|
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
4600
5658
|
"category": "Authorization"
|
|
4601
5659
|
},
|
|
4602
|
-
{
|
|
4603
|
-
"id": "CWE-77",
|
|
4604
|
-
"name": "Improper Neutralization of Special Elements used in a Command (Command Injection)",
|
|
4605
|
-
"category": "Injection"
|
|
4606
|
-
},
|
|
4607
|
-
{
|
|
4608
|
-
"id": "CWE-78",
|
|
4609
|
-
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
4610
|
-
"category": "Injection"
|
|
4611
|
-
},
|
|
4612
5660
|
{
|
|
4613
5661
|
"id": "CWE-787",
|
|
4614
5662
|
"name": "Out-of-bounds Write",
|
|
4615
5663
|
"category": "Memory Safety"
|
|
4616
5664
|
},
|
|
4617
|
-
{
|
|
4618
|
-
"id": "CWE-79",
|
|
4619
|
-
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
4620
|
-
"category": "Injection"
|
|
4621
|
-
},
|
|
4622
5665
|
{
|
|
4623
5666
|
"id": "CWE-829",
|
|
4624
5667
|
"name": "Inclusion of Functionality from Untrusted Control Sphere",
|
|
4625
5668
|
"category": "Supply Chain"
|
|
4626
|
-
},
|
|
4627
|
-
{
|
|
4628
|
-
"id": "CWE-862",
|
|
4629
|
-
"name": "Missing Authorization",
|
|
4630
|
-
"category": "Authorization"
|
|
4631
|
-
},
|
|
4632
|
-
{
|
|
4633
|
-
"id": "CWE-863",
|
|
4634
|
-
"name": "Incorrect Authorization",
|
|
4635
|
-
"category": "Authorization"
|
|
4636
|
-
},
|
|
4637
|
-
{
|
|
4638
|
-
"id": "CWE-89",
|
|
4639
|
-
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
4640
|
-
"category": "Injection"
|
|
4641
|
-
},
|
|
4642
|
-
{
|
|
4643
|
-
"id": "CWE-918",
|
|
4644
|
-
"name": "Server-Side Request Forgery (SSRF)",
|
|
4645
|
-
"category": "Network"
|
|
4646
|
-
},
|
|
4647
|
-
{
|
|
4648
|
-
"id": "CWE-94",
|
|
4649
|
-
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
4650
|
-
"category": "Injection"
|
|
4651
5669
|
}
|
|
4652
5670
|
],
|
|
4653
5671
|
"atlas": [
|
|
@@ -4675,16 +5693,6 @@
|
|
|
4675
5693
|
"id": "AML.T0043",
|
|
4676
5694
|
"name": "Craft Adversarial Data",
|
|
4677
5695
|
"tactic": "ML Attack Staging"
|
|
4678
|
-
},
|
|
4679
|
-
{
|
|
4680
|
-
"id": "AML.T0051",
|
|
4681
|
-
"name": "LLM Prompt Injection",
|
|
4682
|
-
"tactic": "Execution"
|
|
4683
|
-
},
|
|
4684
|
-
{
|
|
4685
|
-
"id": "AML.T0096",
|
|
4686
|
-
"name": "AI API as Covert C2 Channel",
|
|
4687
|
-
"tactic": "Command and Control"
|
|
4688
5696
|
}
|
|
4689
5697
|
],
|
|
4690
5698
|
"d3fend": [
|
|
@@ -4702,34 +5710,9 @@
|
|
|
4702
5710
|
"id": "D3-EHB",
|
|
4703
5711
|
"name": "Executable Hashbased Allowlist",
|
|
4704
5712
|
"tactic": "Harden"
|
|
4705
|
-
},
|
|
4706
|
-
{
|
|
4707
|
-
"id": "D3-IOPR",
|
|
4708
|
-
"name": "Input/Output Profiling Resource",
|
|
4709
|
-
"tactic": "Detect"
|
|
4710
|
-
},
|
|
4711
|
-
{
|
|
4712
|
-
"id": "D3-MFA",
|
|
4713
|
-
"name": "Multi-factor Authentication",
|
|
4714
|
-
"tactic": "Harden"
|
|
4715
|
-
},
|
|
4716
|
-
{
|
|
4717
|
-
"id": "D3-NTA",
|
|
4718
|
-
"name": "Network Traffic Analysis",
|
|
4719
|
-
"tactic": "Detect"
|
|
4720
|
-
},
|
|
4721
|
-
{
|
|
4722
|
-
"id": "D3-PSEP",
|
|
4723
|
-
"name": "Process Segment Execution Prevention",
|
|
4724
|
-
"tactic": "Harden"
|
|
4725
5713
|
}
|
|
4726
5714
|
],
|
|
4727
5715
|
"framework_gaps": [
|
|
4728
|
-
{
|
|
4729
|
-
"id": "AU-ISM-1559-IdP",
|
|
4730
|
-
"framework": "AU ISM",
|
|
4731
|
-
"control_name": "Privileged Account Credential Management — IdP-tenant control-plane extension"
|
|
4732
|
-
},
|
|
4733
5716
|
{
|
|
4734
5717
|
"id": "CMMC-2.0-Level-2",
|
|
4735
5718
|
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
@@ -4740,11 +5723,6 @@
|
|
|
4740
5723
|
"framework": "CycloneDX v1.6 (OWASP SBOM standard)",
|
|
4741
5724
|
"control_name": "Software Bill of Materials"
|
|
4742
5725
|
},
|
|
4743
|
-
{
|
|
4744
|
-
"id": "DORA-Art-19-IdP-4h",
|
|
4745
|
-
"framework": "EU DORA",
|
|
4746
|
-
"control_name": "Major-ICT-related-incident notification — IdP-specific 4-hour clock"
|
|
4747
|
-
},
|
|
4748
5726
|
{
|
|
4749
5727
|
"id": "FedRAMP-Rev5-Moderate",
|
|
4750
5728
|
"framework": "FedRAMP Rev 5 Moderate",
|
|
@@ -4755,61 +5733,26 @@
|
|
|
4755
5733
|
"framework": "HITRUST CSF v11.4",
|
|
4756
5734
|
"control_name": "Outsourced services management"
|
|
4757
5735
|
},
|
|
4758
|
-
{
|
|
4759
|
-
"id": "ISO-27001-2022-A.5.16-Federated",
|
|
4760
|
-
"framework": "ISO/IEC 27001:2022",
|
|
4761
|
-
"control_name": "Identity Management + Authentication Information — federated-state extension"
|
|
4762
|
-
},
|
|
4763
5736
|
{
|
|
4764
5737
|
"id": "ISO-27001-2022-A.8.28",
|
|
4765
5738
|
"framework": "ISO/IEC 27001:2022",
|
|
4766
5739
|
"control_name": "Secure coding"
|
|
4767
5740
|
},
|
|
4768
|
-
{
|
|
4769
|
-
"id": "ISO-27001-2022-A.8.8",
|
|
4770
|
-
"framework": "ISO/IEC 27001:2022",
|
|
4771
|
-
"control_name": "Management of technical vulnerabilities"
|
|
4772
|
-
},
|
|
4773
|
-
{
|
|
4774
|
-
"id": "ISO-IEC-23894-2023-clause-7",
|
|
4775
|
-
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
4776
|
-
"control_name": "AI risk management process"
|
|
4777
|
-
},
|
|
4778
5741
|
{
|
|
4779
5742
|
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
4780
5743
|
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
4781
5744
|
"control_name": "AI risk assessment"
|
|
4782
5745
|
},
|
|
4783
|
-
{
|
|
4784
|
-
"id": "NIS2-Art-21-Federated-Identity",
|
|
4785
|
-
"framework": "EU NIS2 Directive",
|
|
4786
|
-
"control_name": "Cryptography + Access Control — federated-identity extension"
|
|
4787
|
-
},
|
|
4788
|
-
{
|
|
4789
|
-
"id": "NIST-800-115",
|
|
4790
|
-
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
4791
|
-
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
4792
|
-
},
|
|
4793
5746
|
{
|
|
4794
5747
|
"id": "NIST-800-218-SSDF",
|
|
4795
5748
|
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
4796
5749
|
"control_name": "Secure Software Development Framework"
|
|
4797
5750
|
},
|
|
4798
|
-
{
|
|
4799
|
-
"id": "NIST-800-53-AC-2",
|
|
4800
|
-
"framework": "NIST SP 800-53 Rev 5",
|
|
4801
|
-
"control_name": "Account Management"
|
|
4802
|
-
},
|
|
4803
5751
|
{
|
|
4804
5752
|
"id": "NIST-800-53-CM-7",
|
|
4805
5753
|
"framework": "NIST SP 800-53 Rev 5",
|
|
4806
5754
|
"control_name": "Least Functionality"
|
|
4807
5755
|
},
|
|
4808
|
-
{
|
|
4809
|
-
"id": "NIST-800-53-IA-5-Federated",
|
|
4810
|
-
"framework": "NIST 800-53 Rev.5",
|
|
4811
|
-
"control_name": "Authenticator Management — federated-trust extension"
|
|
4812
|
-
},
|
|
4813
5756
|
{
|
|
4814
5757
|
"id": "NIST-800-53-SA-12",
|
|
4815
5758
|
"framework": "NIST SP 800-53 Rev 5",
|
|
@@ -4820,21 +5763,6 @@
|
|
|
4820
5763
|
"framework": "NIST AI RMF 1.0",
|
|
4821
5764
|
"control_name": "AI system to human interaction evaluation"
|
|
4822
5765
|
},
|
|
4823
|
-
{
|
|
4824
|
-
"id": "OFAC-Sanctions-Threat-Actor-Negotiation",
|
|
4825
|
-
"framework": "US Treasury OFAC + EU sanctions overlay + UK OFSI",
|
|
4826
|
-
"control_name": "Sanctions screening on ransomware-payment / threat-actor negotiation"
|
|
4827
|
-
},
|
|
4828
|
-
{
|
|
4829
|
-
"id": "OWASP-ASVS-v5.0-V14",
|
|
4830
|
-
"framework": "OWASP ASVS v5.0",
|
|
4831
|
-
"control_name": "Configuration verification"
|
|
4832
|
-
},
|
|
4833
|
-
{
|
|
4834
|
-
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
4835
|
-
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
4836
|
-
"control_name": "Prompt Injection"
|
|
4837
|
-
},
|
|
4838
5766
|
{
|
|
4839
5767
|
"id": "OWASP-LLM-Top-10-2025-LLM08",
|
|
4840
5768
|
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
@@ -4845,16 +5773,6 @@
|
|
|
4845
5773
|
"framework": "SLSA v1.0 (Supply-chain Levels for Software Artifacts) — Build Track",
|
|
4846
5774
|
"control_name": "Hardened build platform with non-falsifiable provenance"
|
|
4847
5775
|
},
|
|
4848
|
-
{
|
|
4849
|
-
"id": "SOC2-CC6-OAuth-Consent",
|
|
4850
|
-
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4851
|
-
"control_name": "Logical and Physical Access Controls — OAuth consent extension"
|
|
4852
|
-
},
|
|
4853
|
-
{
|
|
4854
|
-
"id": "SOC2-CC9-vendor-management",
|
|
4855
|
-
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
4856
|
-
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
4857
|
-
},
|
|
4858
5776
|
{
|
|
4859
5777
|
"id": "SPDX-v3.0-SBOM",
|
|
4860
5778
|
"framework": "SPDX v3.0 (ISO/IEC 5962-aligned SBOM standard)",
|
|
@@ -4865,11 +5783,6 @@
|
|
|
4865
5783
|
"framework": "SWIFT Customer Security Controls Framework v2026",
|
|
4866
5784
|
"control_name": "SWIFT Environment Protection"
|
|
4867
5785
|
},
|
|
4868
|
-
{
|
|
4869
|
-
"id": "UK-CAF-B2-IdP-Tenant",
|
|
4870
|
-
"framework": "UK NCSC CAF",
|
|
4871
|
-
"control_name": "Identity and Access Control — IdP-tenant control-plane extension"
|
|
4872
|
-
},
|
|
4873
5786
|
{
|
|
4874
5787
|
"id": "VEX-CSAF-v2.1",
|
|
4875
5788
|
"framework": "VEX via OASIS CSAF 2.1 (Common Security Advisory Framework)",
|
|
@@ -4877,34 +5790,18 @@
|
|
|
4877
5790
|
}
|
|
4878
5791
|
],
|
|
4879
5792
|
"attack_refs": [
|
|
4880
|
-
"T1059",
|
|
4881
5793
|
"T1068",
|
|
4882
|
-
"T1078",
|
|
4883
|
-
"T1078.004",
|
|
4884
|
-
"T1098.001",
|
|
4885
5794
|
"T1190",
|
|
4886
5795
|
"T1195.001",
|
|
4887
5796
|
"T1195.002",
|
|
4888
|
-
"T1199",
|
|
4889
|
-
"T1505",
|
|
4890
5797
|
"T1554",
|
|
4891
|
-
"T1556.007",
|
|
4892
5798
|
"T1565",
|
|
4893
|
-
"T1567",
|
|
4894
|
-
"T1606.002",
|
|
4895
5799
|
"T1610",
|
|
4896
5800
|
"T1611"
|
|
4897
5801
|
],
|
|
4898
5802
|
"rfc_refs": [
|
|
4899
|
-
"RFC-6749",
|
|
4900
|
-
"RFC-7519",
|
|
4901
|
-
"RFC-7591",
|
|
4902
5803
|
"RFC-8032",
|
|
4903
|
-
"RFC-8446"
|
|
4904
|
-
"RFC-8725",
|
|
4905
|
-
"RFC-9114",
|
|
4906
|
-
"RFC-9421",
|
|
4907
|
-
"RFC-9700"
|
|
5804
|
+
"RFC-8446"
|
|
4908
5805
|
]
|
|
4909
5806
|
}
|
|
4910
5807
|
},
|
|
@@ -5173,6 +6070,7 @@
|
|
|
5173
6070
|
]
|
|
5174
6071
|
},
|
|
5175
6072
|
"related_cves": [
|
|
6073
|
+
"CVE-2024-3094",
|
|
5176
6074
|
"CVE-2025-53773",
|
|
5177
6075
|
"CVE-2026-30615",
|
|
5178
6076
|
"CVE-2026-31431",
|
|
@@ -5180,6 +6078,7 @@
|
|
|
5180
6078
|
"CVE-2026-42208",
|
|
5181
6079
|
"CVE-2026-45321",
|
|
5182
6080
|
"CVE-2026-46300",
|
|
6081
|
+
"CVE-2026-46333",
|
|
5183
6082
|
"MAL-2026-3083",
|
|
5184
6083
|
"MAL-2026-NODE-IPC-STEALER"
|
|
5185
6084
|
]
|
|
@@ -5357,6 +6256,7 @@
|
|
|
5357
6256
|
]
|
|
5358
6257
|
},
|
|
5359
6258
|
"related_cves": [
|
|
6259
|
+
"CVE-2024-3094",
|
|
5360
6260
|
"CVE-2025-53773",
|
|
5361
6261
|
"CVE-2026-30615",
|
|
5362
6262
|
"CVE-2026-39884",
|
|
@@ -5498,6 +6398,7 @@
|
|
|
5498
6398
|
"CVE-2026-42208",
|
|
5499
6399
|
"CVE-2026-45321",
|
|
5500
6400
|
"CVE-2026-46300",
|
|
6401
|
+
"CVE-2026-46333",
|
|
5501
6402
|
"MAL-2026-3083",
|
|
5502
6403
|
"MAL-2026-NODE-IPC-STEALER"
|
|
5503
6404
|
]
|
|
@@ -5623,6 +6524,7 @@
|
|
|
5623
6524
|
"CVE-2026-42208",
|
|
5624
6525
|
"CVE-2026-45321",
|
|
5625
6526
|
"CVE-2026-46300",
|
|
6527
|
+
"CVE-2026-46333",
|
|
5626
6528
|
"MAL-2026-3083",
|
|
5627
6529
|
"MAL-2026-NODE-IPC-STEALER"
|
|
5628
6530
|
]
|
|
@@ -5762,6 +6664,7 @@
|
|
|
5762
6664
|
"CVE-2026-42208",
|
|
5763
6665
|
"CVE-2026-45321",
|
|
5764
6666
|
"CVE-2026-46300",
|
|
6667
|
+
"CVE-2026-46333",
|
|
5765
6668
|
"MAL-2026-3083",
|
|
5766
6669
|
"MAL-2026-NODE-IPC-STEALER"
|
|
5767
6670
|
]
|
|
@@ -5998,6 +6901,7 @@
|
|
|
5998
6901
|
]
|
|
5999
6902
|
},
|
|
6000
6903
|
"related_cves": [
|
|
6904
|
+
"CVE-2024-3094",
|
|
6001
6905
|
"CVE-2025-53773",
|
|
6002
6906
|
"CVE-2026-30615",
|
|
6003
6907
|
"CVE-2026-32202",
|
|
@@ -6143,10 +7047,12 @@
|
|
|
6143
7047
|
"CVE-2026-33825",
|
|
6144
7048
|
"CVE-2026-39884",
|
|
6145
7049
|
"CVE-2026-42897",
|
|
7050
|
+
"CVE-2026-42945",
|
|
6146
7051
|
"CVE-2026-43284",
|
|
6147
7052
|
"CVE-2026-43500",
|
|
6148
7053
|
"CVE-2026-45321",
|
|
6149
7054
|
"CVE-2026-46300",
|
|
7055
|
+
"CVE-2026-46333",
|
|
6150
7056
|
"CVE-2026-6973",
|
|
6151
7057
|
"MAL-2026-3083",
|
|
6152
7058
|
"MAL-2026-NODE-IPC-STEALER"
|
|
@@ -6361,6 +7267,7 @@
|
|
|
6361
7267
|
]
|
|
6362
7268
|
},
|
|
6363
7269
|
"related_cves": [
|
|
7270
|
+
"CVE-2024-3094",
|
|
6364
7271
|
"CVE-2025-53773",
|
|
6365
7272
|
"CVE-2026-30615",
|
|
6366
7273
|
"CVE-2026-39884",
|
|
@@ -6703,6 +7610,7 @@
|
|
|
6703
7610
|
]
|
|
6704
7611
|
},
|
|
6705
7612
|
"related_cves": [
|
|
7613
|
+
"CVE-2024-3094",
|
|
6706
7614
|
"CVE-2025-53773",
|
|
6707
7615
|
"CVE-2026-30615",
|
|
6708
7616
|
"CVE-2026-31431",
|
|
@@ -6710,8 +7618,10 @@
|
|
|
6710
7618
|
"CVE-2026-42208",
|
|
6711
7619
|
"CVE-2026-45321",
|
|
6712
7620
|
"CVE-2026-46300",
|
|
7621
|
+
"CVE-2026-46333",
|
|
6713
7622
|
"MAL-2026-3083",
|
|
6714
|
-
"MAL-2026-NODE-IPC-STEALER"
|
|
7623
|
+
"MAL-2026-NODE-IPC-STEALER",
|
|
7624
|
+
"MAL-2026-SHAI-HULUD-OSS"
|
|
6715
7625
|
]
|
|
6716
7626
|
},
|
|
6717
7627
|
"CWE-284": {
|
|
@@ -7261,6 +8171,7 @@
|
|
|
7261
8171
|
]
|
|
7262
8172
|
},
|
|
7263
8173
|
"related_cves": [
|
|
8174
|
+
"CVE-2024-3094",
|
|
7264
8175
|
"CVE-2025-53773",
|
|
7265
8176
|
"CVE-2026-30615",
|
|
7266
8177
|
"CVE-2026-31431",
|
|
@@ -7268,6 +8179,7 @@
|
|
|
7268
8179
|
"CVE-2026-42208",
|
|
7269
8180
|
"CVE-2026-45321",
|
|
7270
8181
|
"CVE-2026-46300",
|
|
8182
|
+
"CVE-2026-46333",
|
|
7271
8183
|
"MAL-2026-3083",
|
|
7272
8184
|
"MAL-2026-NODE-IPC-STEALER"
|
|
7273
8185
|
]
|
|
@@ -7460,12 +8372,14 @@
|
|
|
7460
8372
|
]
|
|
7461
8373
|
},
|
|
7462
8374
|
"related_cves": [
|
|
8375
|
+
"CVE-2024-3094",
|
|
7463
8376
|
"CVE-2025-53773",
|
|
7464
8377
|
"CVE-2026-30615",
|
|
7465
8378
|
"CVE-2026-31431",
|
|
7466
8379
|
"CVE-2026-39884",
|
|
7467
8380
|
"CVE-2026-45321",
|
|
7468
8381
|
"CVE-2026-46300",
|
|
8382
|
+
"CVE-2026-46333",
|
|
7469
8383
|
"MAL-2026-3083"
|
|
7470
8384
|
]
|
|
7471
8385
|
},
|
|
@@ -7856,6 +8770,7 @@
|
|
|
7856
8770
|
]
|
|
7857
8771
|
},
|
|
7858
8772
|
"related_cves": [
|
|
8773
|
+
"CVE-2024-3094",
|
|
7859
8774
|
"CVE-2025-53773",
|
|
7860
8775
|
"CVE-2026-30615",
|
|
7861
8776
|
"CVE-2026-45321",
|
|
@@ -8080,6 +8995,7 @@
|
|
|
8080
8995
|
]
|
|
8081
8996
|
},
|
|
8082
8997
|
"related_cves": [
|
|
8998
|
+
"CVE-2024-3094",
|
|
8083
8999
|
"CVE-2025-53773",
|
|
8084
9000
|
"CVE-2026-30615",
|
|
8085
9001
|
"CVE-2026-31431",
|
|
@@ -8087,6 +9003,7 @@
|
|
|
8087
9003
|
"CVE-2026-42208",
|
|
8088
9004
|
"CVE-2026-45321",
|
|
8089
9005
|
"CVE-2026-46300",
|
|
9006
|
+
"CVE-2026-46333",
|
|
8090
9007
|
"MAL-2026-3083",
|
|
8091
9008
|
"MAL-2026-NODE-IPC-STEALER"
|
|
8092
9009
|
]
|
|
@@ -8225,10 +9142,12 @@
|
|
|
8225
9142
|
"CVE-2026-33825",
|
|
8226
9143
|
"CVE-2026-39884",
|
|
8227
9144
|
"CVE-2026-42897",
|
|
9145
|
+
"CVE-2026-42945",
|
|
8228
9146
|
"CVE-2026-43284",
|
|
8229
9147
|
"CVE-2026-43500",
|
|
8230
9148
|
"CVE-2026-45321",
|
|
8231
9149
|
"CVE-2026-46300",
|
|
9150
|
+
"CVE-2026-46333",
|
|
8232
9151
|
"CVE-2026-6973",
|
|
8233
9152
|
"MAL-2026-3083",
|
|
8234
9153
|
"MAL-2026-NODE-IPC-STEALER"
|
|
@@ -8354,10 +9273,12 @@
|
|
|
8354
9273
|
"CVE-2026-33825",
|
|
8355
9274
|
"CVE-2026-39884",
|
|
8356
9275
|
"CVE-2026-42897",
|
|
9276
|
+
"CVE-2026-42945",
|
|
8357
9277
|
"CVE-2026-43284",
|
|
8358
9278
|
"CVE-2026-43500",
|
|
8359
9279
|
"CVE-2026-45321",
|
|
8360
9280
|
"CVE-2026-46300",
|
|
9281
|
+
"CVE-2026-46333",
|
|
8361
9282
|
"CVE-2026-6973",
|
|
8362
9283
|
"MAL-2026-3083",
|
|
8363
9284
|
"MAL-2026-NODE-IPC-STEALER"
|
|
@@ -8570,6 +9491,7 @@
|
|
|
8570
9491
|
]
|
|
8571
9492
|
},
|
|
8572
9493
|
"related_cves": [
|
|
9494
|
+
"CVE-2024-3094",
|
|
8573
9495
|
"CVE-2025-53773",
|
|
8574
9496
|
"CVE-2026-30615",
|
|
8575
9497
|
"CVE-2026-31431",
|
|
@@ -8577,6 +9499,7 @@
|
|
|
8577
9499
|
"CVE-2026-42208",
|
|
8578
9500
|
"CVE-2026-45321",
|
|
8579
9501
|
"CVE-2026-46300",
|
|
9502
|
+
"CVE-2026-46333",
|
|
8580
9503
|
"MAL-2026-3083",
|
|
8581
9504
|
"MAL-2026-NODE-IPC-STEALER"
|
|
8582
9505
|
]
|
|
@@ -8767,11 +9690,13 @@
|
|
|
8767
9690
|
]
|
|
8768
9691
|
},
|
|
8769
9692
|
"related_cves": [
|
|
9693
|
+
"CVE-2024-3094",
|
|
8770
9694
|
"CVE-2025-53773",
|
|
8771
9695
|
"CVE-2026-30615",
|
|
8772
9696
|
"CVE-2026-45321",
|
|
8773
9697
|
"MAL-2026-3083",
|
|
8774
|
-
"MAL-2026-NODE-IPC-STEALER"
|
|
9698
|
+
"MAL-2026-NODE-IPC-STEALER",
|
|
9699
|
+
"MAL-2026-SHAI-HULUD-OSS"
|
|
8775
9700
|
]
|
|
8776
9701
|
},
|
|
8777
9702
|
"CWE-502": {
|
|
@@ -8953,12 +9878,14 @@
|
|
|
8953
9878
|
]
|
|
8954
9879
|
},
|
|
8955
9880
|
"related_cves": [
|
|
9881
|
+
"CVE-2024-3094",
|
|
8956
9882
|
"CVE-2026-30615",
|
|
8957
9883
|
"CVE-2026-39884",
|
|
8958
9884
|
"CVE-2026-42208",
|
|
8959
9885
|
"CVE-2026-45321",
|
|
8960
9886
|
"MAL-2026-3083",
|
|
8961
|
-
"MAL-2026-NODE-IPC-STEALER"
|
|
9887
|
+
"MAL-2026-NODE-IPC-STEALER",
|
|
9888
|
+
"MAL-2026-SHAI-HULUD-OSS"
|
|
8962
9889
|
]
|
|
8963
9890
|
},
|
|
8964
9891
|
"CWE-506": {
|
|
@@ -9254,10 +10181,12 @@
|
|
|
9254
10181
|
"CVE-2026-33825",
|
|
9255
10182
|
"CVE-2026-39884",
|
|
9256
10183
|
"CVE-2026-42897",
|
|
10184
|
+
"CVE-2026-42945",
|
|
9257
10185
|
"CVE-2026-43284",
|
|
9258
10186
|
"CVE-2026-43500",
|
|
9259
10187
|
"CVE-2026-45321",
|
|
9260
10188
|
"CVE-2026-46300",
|
|
10189
|
+
"CVE-2026-46333",
|
|
9261
10190
|
"CVE-2026-6973",
|
|
9262
10191
|
"MAL-2026-3083"
|
|
9263
10192
|
]
|
|
@@ -9534,6 +10463,7 @@
|
|
|
9534
10463
|
]
|
|
9535
10464
|
},
|
|
9536
10465
|
"related_cves": [
|
|
10466
|
+
"CVE-2024-3094",
|
|
9537
10467
|
"CVE-2025-53773",
|
|
9538
10468
|
"CVE-2026-30615",
|
|
9539
10469
|
"CVE-2026-31431",
|
|
@@ -9541,8 +10471,10 @@
|
|
|
9541
10471
|
"CVE-2026-42208",
|
|
9542
10472
|
"CVE-2026-45321",
|
|
9543
10473
|
"CVE-2026-46300",
|
|
10474
|
+
"CVE-2026-46333",
|
|
9544
10475
|
"MAL-2026-3083",
|
|
9545
|
-
"MAL-2026-NODE-IPC-STEALER"
|
|
10476
|
+
"MAL-2026-NODE-IPC-STEALER",
|
|
10477
|
+
"MAL-2026-SHAI-HULUD-OSS"
|
|
9546
10478
|
]
|
|
9547
10479
|
},
|
|
9548
10480
|
"CWE-759": {
|
|
@@ -9749,6 +10681,7 @@
|
|
|
9749
10681
|
]
|
|
9750
10682
|
},
|
|
9751
10683
|
"related_cves": [
|
|
10684
|
+
"CVE-2024-3094",
|
|
9752
10685
|
"CVE-2025-53773",
|
|
9753
10686
|
"CVE-2026-0300",
|
|
9754
10687
|
"CVE-2026-30615",
|
|
@@ -9757,13 +10690,16 @@
|
|
|
9757
10690
|
"CVE-2026-33825",
|
|
9758
10691
|
"CVE-2026-39884",
|
|
9759
10692
|
"CVE-2026-42897",
|
|
10693
|
+
"CVE-2026-42945",
|
|
9760
10694
|
"CVE-2026-43284",
|
|
9761
10695
|
"CVE-2026-43500",
|
|
9762
10696
|
"CVE-2026-45321",
|
|
9763
10697
|
"CVE-2026-46300",
|
|
10698
|
+
"CVE-2026-46333",
|
|
9764
10699
|
"CVE-2026-6973",
|
|
9765
10700
|
"MAL-2026-3083",
|
|
9766
|
-
"MAL-2026-NODE-IPC-STEALER"
|
|
10701
|
+
"MAL-2026-NODE-IPC-STEALER",
|
|
10702
|
+
"MAL-2026-SHAI-HULUD-OSS"
|
|
9767
10703
|
]
|
|
9768
10704
|
},
|
|
9769
10705
|
"CWE-798": {
|
|
@@ -10049,12 +10985,14 @@
|
|
|
10049
10985
|
]
|
|
10050
10986
|
},
|
|
10051
10987
|
"related_cves": [
|
|
10988
|
+
"CVE-2024-3094",
|
|
10052
10989
|
"CVE-2025-53773",
|
|
10053
10990
|
"CVE-2026-30615",
|
|
10054
10991
|
"CVE-2026-31431",
|
|
10055
10992
|
"CVE-2026-39884",
|
|
10056
10993
|
"CVE-2026-45321",
|
|
10057
10994
|
"CVE-2026-46300",
|
|
10995
|
+
"CVE-2026-46333",
|
|
10058
10996
|
"MAL-2026-3083"
|
|
10059
10997
|
]
|
|
10060
10998
|
},
|
|
@@ -10168,10 +11106,12 @@
|
|
|
10168
11106
|
]
|
|
10169
11107
|
},
|
|
10170
11108
|
"related_cves": [
|
|
11109
|
+
"CVE-2024-3094",
|
|
10171
11110
|
"CVE-2026-30615",
|
|
10172
11111
|
"CVE-2026-45321",
|
|
10173
11112
|
"MAL-2026-3083",
|
|
10174
|
-
"MAL-2026-NODE-IPC-STEALER"
|
|
11113
|
+
"MAL-2026-NODE-IPC-STEALER",
|
|
11114
|
+
"MAL-2026-SHAI-HULUD-OSS"
|
|
10175
11115
|
]
|
|
10176
11116
|
},
|
|
10177
11117
|
"CWE-862": {
|
|
@@ -10349,6 +11289,7 @@
|
|
|
10349
11289
|
]
|
|
10350
11290
|
},
|
|
10351
11291
|
"related_cves": [
|
|
11292
|
+
"CVE-2024-3094",
|
|
10352
11293
|
"CVE-2025-53773",
|
|
10353
11294
|
"CVE-2026-30615",
|
|
10354
11295
|
"CVE-2026-39884",
|
|
@@ -10624,6 +11565,7 @@
|
|
|
10624
11565
|
]
|
|
10625
11566
|
},
|
|
10626
11567
|
"related_cves": [
|
|
11568
|
+
"CVE-2024-3094",
|
|
10627
11569
|
"CVE-2025-53773",
|
|
10628
11570
|
"CVE-2026-30615",
|
|
10629
11571
|
"CVE-2026-39884",
|
|
@@ -10927,6 +11869,7 @@
|
|
|
10927
11869
|
]
|
|
10928
11870
|
},
|
|
10929
11871
|
"related_cves": [
|
|
11872
|
+
"CVE-2024-3094",
|
|
10930
11873
|
"CVE-2025-53773",
|
|
10931
11874
|
"CVE-2026-30615",
|
|
10932
11875
|
"CVE-2026-31431",
|
|
@@ -10934,6 +11877,7 @@
|
|
|
10934
11877
|
"CVE-2026-42208",
|
|
10935
11878
|
"CVE-2026-45321",
|
|
10936
11879
|
"CVE-2026-46300",
|
|
11880
|
+
"CVE-2026-46333",
|
|
10937
11881
|
"MAL-2026-3083",
|
|
10938
11882
|
"MAL-2026-NODE-IPC-STEALER"
|
|
10939
11883
|
]
|
|
@@ -10991,6 +11935,7 @@
|
|
|
10991
11935
|
"CVE-2026-39884",
|
|
10992
11936
|
"CVE-2026-45321",
|
|
10993
11937
|
"CVE-2026-46300",
|
|
11938
|
+
"CVE-2026-46333",
|
|
10994
11939
|
"MAL-2026-3083"
|
|
10995
11940
|
]
|
|
10996
11941
|
},
|
|
@@ -11278,13 +12223,15 @@
|
|
|
11278
12223
|
]
|
|
11279
12224
|
},
|
|
11280
12225
|
"related_cves": [
|
|
12226
|
+
"CVE-2024-3094",
|
|
11281
12227
|
"CVE-2025-53773",
|
|
11282
12228
|
"CVE-2026-30615",
|
|
11283
12229
|
"CVE-2026-39884",
|
|
11284
12230
|
"CVE-2026-42208",
|
|
11285
12231
|
"CVE-2026-45321",
|
|
11286
12232
|
"MAL-2026-3083",
|
|
11287
|
-
"MAL-2026-NODE-IPC-STEALER"
|
|
12233
|
+
"MAL-2026-NODE-IPC-STEALER",
|
|
12234
|
+
"MAL-2026-SHAI-HULUD-OSS"
|
|
11288
12235
|
]
|
|
11289
12236
|
},
|
|
11290
12237
|
"CWE-1357": {
|
|
@@ -11440,13 +12387,17 @@
|
|
|
11440
12387
|
]
|
|
11441
12388
|
},
|
|
11442
12389
|
"related_cves": [
|
|
12390
|
+
"CVE-2024-3094",
|
|
11443
12391
|
"CVE-2026-0300",
|
|
11444
12392
|
"CVE-2026-30615",
|
|
11445
12393
|
"CVE-2026-31431",
|
|
12394
|
+
"CVE-2026-42945",
|
|
11446
12395
|
"CVE-2026-45321",
|
|
11447
12396
|
"CVE-2026-46300",
|
|
12397
|
+
"CVE-2026-46333",
|
|
11448
12398
|
"MAL-2026-3083",
|
|
11449
|
-
"MAL-2026-NODE-IPC-STEALER"
|
|
12399
|
+
"MAL-2026-NODE-IPC-STEALER",
|
|
12400
|
+
"MAL-2026-SHAI-HULUD-OSS"
|
|
11450
12401
|
]
|
|
11451
12402
|
},
|
|
11452
12403
|
"CWE-1395": {
|
|
@@ -11660,14 +12611,17 @@
|
|
|
11660
12611
|
]
|
|
11661
12612
|
},
|
|
11662
12613
|
"related_cves": [
|
|
12614
|
+
"CVE-2024-3094",
|
|
11663
12615
|
"CVE-2025-53773",
|
|
11664
12616
|
"CVE-2026-30615",
|
|
11665
12617
|
"CVE-2026-31431",
|
|
11666
12618
|
"CVE-2026-39884",
|
|
11667
12619
|
"CVE-2026-45321",
|
|
11668
12620
|
"CVE-2026-46300",
|
|
12621
|
+
"CVE-2026-46333",
|
|
11669
12622
|
"MAL-2026-3083",
|
|
11670
|
-
"MAL-2026-NODE-IPC-STEALER"
|
|
12623
|
+
"MAL-2026-NODE-IPC-STEALER",
|
|
12624
|
+
"MAL-2026-SHAI-HULUD-OSS"
|
|
11671
12625
|
]
|
|
11672
12626
|
},
|
|
11673
12627
|
"CWE-1426": {
|
|
@@ -11910,6 +12864,7 @@
|
|
|
11910
12864
|
]
|
|
11911
12865
|
},
|
|
11912
12866
|
"related_cves": [
|
|
12867
|
+
"CVE-2024-3094",
|
|
11913
12868
|
"CVE-2025-53773",
|
|
11914
12869
|
"CVE-2026-30615",
|
|
11915
12870
|
"CVE-2026-32202",
|
|
@@ -11920,7 +12875,8 @@
|
|
|
11920
12875
|
"CVE-2026-43284",
|
|
11921
12876
|
"CVE-2026-45321",
|
|
11922
12877
|
"MAL-2026-3083",
|
|
11923
|
-
"MAL-2026-NODE-IPC-STEALER"
|
|
12878
|
+
"MAL-2026-NODE-IPC-STEALER",
|
|
12879
|
+
"MAL-2026-SHAI-HULUD-OSS"
|
|
11924
12880
|
]
|
|
11925
12881
|
}
|
|
11926
12882
|
}
|